A Forum reader recently asked:
"Does anyone know how to synchronize challenge-response data between IDM-connected trees?"
I'm sure there are others out there like us who set their challenge responses in their central ID vault but want users to be able to use the forgotten password link on their local tree when logging in via the Novell client. Our current solution is to provide a second login location for the client that lets the user connect to the ID vault to set the challenge response. They can then change the location back to their local tree and log in.
1. In the client's properties go to the 'location profiles' tab.
2. Add a second profile - e.g., 'forgotten password'.
3. Set the parameters for this to point to your central ID vault.
4. Add the ID vault to your list of LDAP contextless login configs.
If users forget their passwords, they can select the forgotten password location from the initial login box. This will let them use the forgotten password link in the client to reset their ID vault password. This should then sync back to their local eDirectory system.
They then need to change the login location back to their local tree and hopefully log in with the new password. The user does have to 'fiddle' a bit, but it seems the best option until we can sync challenge responses. Note that the local eDirectory does NOT use the challenge response mechanism - only the ID vault.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.