The original problem - We wanted users to be presented with a message asking them to change their smartphone password when they change their password or enter the grace login period. This would ensure they continue to be able to access their email and provide instructions on what buttons need to be pressed to change their password, thus reducing helpdesk calls.
In the end we decided that we only wanted our message to appear when the user actually changed their password, there was no value in the password being changed during the grace period because the password won't have been changed and therefore shouldn't be changed on the smartphone until such time that the password is definitely changed.
This posed a problem as we working with the %PASSWORD_EXPIRES variable. We spent much time trying to get this working with variations of the following syntax:
if "%PASSWORD_EXPIRES" <= "1" then DISPLAY OUR MESSAGE
but the problem with this is that as soon as the password is changed the "%PASSWORD_EXPIRES" value is reset and as you go down the rest of the login script the "<= "1" is not going to have any effect.....
To resolve the problem we used the same "%PASSWORD_EXPIRES" AND the "Days between forced changes" option on the "Restrictions" tab of the user object.
We have a policy of changing the password every 40 days. Over the next 40 days this value decreases until it reaches zero. When it reaches zero the user is prompted to change their password and value is reset to 40. So rather than do something when the value is zero we have changed this to the maximum value as this is the "reset value".
IF "%PASSWORD_EXPIRES" = "40" then DISPLAY OUR MESSAGE
So the login script now reads - "This user has 40 days before they next need to change there password and therefore they must have just changed their password. Show them our message!"
Pretty neat, huh!
The only drawback with this is if they login twice on the same day they would see the same message again. But I can live with that!
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.