Synchronizing Challenge-Response Data between IDM-Connected Trees

Novell Cool Solutions: Tip

Posted: 27 Sep 2006
 

Problem

A Forum reader recently asked:

"Does anyone know how to synchronize challenge-response data between IDM-connected trees?"

Solution

I'm sure there are others out there like us who set their challenge responses in their central ID vault, but want users to be able to use the forgotten password link on their local tree when logging in via the Novell client. Our current solution is to provide a second login location for the client that lets the user connect to the ID vault to set the challenge response. They can then change the location back to their local tree and log in.

Procedure

1. In the client's properties, go to the 'location profiles' tab.

2. Add a second profile - e.g., 'forgotten password'.

3. Set the parameters for this to point to your central ID vault.

4. Add the ID vault to your list of LDAP contextless login configs.

If users forget their passwords, they can select the forgotten password location from the initial login box. This will let them use the forgotten password link in the client to reset their ID vault password. This should then sync back to their local eDirectory system.

They then need to change the login location back to their local tree and hopefully log in with the new password. The user does have to 'fiddle' a bit, but it seems the best option until we can sync challenge responses. Note that the local eDirectory does NOT use the challenge response mechanism - only the ID vault.

