-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The biggest reason this may not work is going to be on the CLE side of
things... for example, does the limited use of JavaScript prevent the
SSPR site from working? Only testing will tell for sure. If it works I
do not see any reason why this would not be a valid option for you. You
should only really need one SSPR instance, though since they will all
presumably point to the same tree (and then let IDM synchronize the
newly-reset passwords around quickly) there is no longer a need to
synchronize challenges/responses, even if you do use the
challenge/response functionality within eDirectory instead of the
SSPR-specific challenges/responses.

Bug# 765873 reported as an enhancement to get this supported.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP0DbwAAoJEF+XTK08PnB5bj8QAM/IjjUHVWIRyjKd2A0fw6Ay
qXbgqNIFRB7o9MU9LeCwsMWWAhlGXhRVAXWVPZmyBbbmysWpey PoWwvLWQm9qMpf
d5zdwJIUorETFPdBoQ2dXod8s0TaM0pzwCny7zBqvkMTDFsqO4 2vCfG+S7cVuiqa
HxvOVumkjayMNF/a980UcIN/AK+ZRttRwqD6HTQeVq3mMAiYTkNdgAvmcRls1aeQ
FpW73z8EE2uhUi9pUubzMitLvZA2eJtA82waEAf3QK4sCEw4AH s0uMoSMeMOL+oR
pqmtWP32YXQGAJTs+VMh2Z3Sec3F3mLj8HiOKZj6Gig0PDRLuG nvpO7MjSB4ssS5
7MkfkO0l34WDqi1jb04Boln57ekElcJ8KFHPFKKv/tdyiZkfNNahyB6hhOb1mJif
hBZvynwjiajakbH/sgJlUFWLGr3Va3a4FyBqljG+ZvisSLKpNngK0nORiZS/tYLl
u/Qkq3c8eqV6yTF/OuN0L8giuCgljZH27flQZyGuWVLcePl2KBBOTz1WnYsEQu54
ni3C0NcdagY/0eLJ/zzbUcFwB6TL8BR6Moiolxd+GcpAMU2y4p+eX+9SllPEGBss
T8bdRy0DA4GMzNcPnV3Yl5hQXJIsdmhsQm8kr36cqDw427KA04 anR2U48IdwGIl/
/KBy8a9D9j4gFvgCxqEb
=gHwJ
-----END PGP SIGNATURE-----