Our eDirectory LDAP for our NAM protected B2B portal has all LDAP users
in a single OU. We want to configure SSPR so:
If a user is added to the SSPR password policy in eDirectory then they
CommandServlet?processAction=checkExpire will be triggered on login and
if inside warning period or if password expired then approariate SSPR
screens wil be displayed. However, if the user hasn't been added to the
SSPR password policy we want their login to continue as normal. We want
to gradually rollout SSPR to users in a staged manner i.e. no big bang.
Is this possible or does the users OU have to be assigned to the
password policy so that from day one all users have to use SSPR?
Using Change Password Permission LDAP filter does this allow us to limit
the SSPR users to only those we have already assigned to the password
policy e.g.
LDAP Search FIlter:
(&(objectClass=inetorgperson)(nspmPasswordPolicyDN =cn=SSPR_Policy,ou=Password
Policies,o=Security)) ?
If we configure the NAM login contract for B2B to have Redirect Login
URL setting will users who are not part of the password policy be able
to login normally?

ratclma's Profile: https://forums.netiq.com/member.php?userid=7886
View this thread: https://forums.netiq.com/showthread.php?t=55319