Preparing to Use Identity Manager Password Synchronization and Universal Password



Switching Users from NDS Password to Universal Password

When you turn on Universal Password for a group of users by using a Password Policy, each of those users needs the Universal Password to be populated.

If you have previously been using Password Synchronization to update the NDS password, you need to plan for the transition of users' passwords. To switch to using Universal Password, you can do one of the following things to have your users create a Universal Password:


Changing Passwords Using the iManager Self-Service Console or Novell Client

When a user changes a password in iManager, the iManager self-service console, or the Novell Client, the Advanced Password Rules from the Password Policy are displayed. This allows the user to create a compliant password without needing to guess at the rules.

Depending on how your password flow is set up, a user could change a password on a connected system and it would be synchronized to Identity Manager and other connected systems. However, the connected systems don't display the Advanced Password Rules when the user changes a password.

If you want to enforce Advanced Password Rules and avoid noncompliant passwords, it's best to require users to change the password only in the iManager self-service console or Novell Client, or at least make sure the Advanced Password Rules are well publicized for users.

On a connected system, the user is allowed to change the password without viewing the Password Policy rules, and might not remember the rules correctly. Only the policies of the connected system itself will be enforced when users first make the change. The following issues might occur for the user when creating a noncompliant password on a connected system, depending on your Identity Manager settings:


Preparing to Use Universal Password

Most of the information you need is in "Deploying Universal Password" in the Novell Modular Authentication Services (NMAS) 2.3 Administration Guide.

In addition, keep in mind the following:


Replica Planning and Password Policies

Password Policies are assigned with a tree-centric perspective. By contrast, Password Synchronization is set up per driver, and drivers are installed on a per-server basis and can manage only those users who are in a master or read/write replica. To get the results you expect from Password Synchronization, make sure the containers that are in a master or read/write replica on the server running the drivers for Password Synchronization match the containers where you have assigned Password Policies with Universal Password enabled. Assigning a Password Policy to a partition root container ensures that all users in that container and subcontainers are assigned the Password Policy.
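
The following is an added example, not Novell code, of one way to check the match described above before enabling Password Synchronization. The container names, the replica list and the function names are constructed for illustration; it assumes you have exported the replica types held by the server running the drivers and the containers where a Password Policy with Universal Password is assigned, and it evaluates coverage per partition only.

```python
# Added example with constructed data; not Novell code.
MANAGEABLE = {"master", "read/write"}  # replica types a driver can manage users in

# Constructed: partition root -> replica type held on the server running the drivers.
DRIVER_SERVER_REPLICAS = {
    "o=acme": "master",
    "ou=emea.o=acme": "subordinate reference",
    "ou=lab.ou=emea.o=acme": "read/write",
    "ou=apac.o=acme": "read-only",
}
# Constructed: containers with a Password Policy that has Universal Password enabled.
POLICY_CONTAINERS = ["ou=sales.o=acme", "OU=EMEA.O=Acme", "ou=apac.o=acme"]


def parts(dn):
    """Split a dot-delimited name into case-insensitive components."""
    return tuple(p.strip().lower() for p in dn.split("."))


def owning_partition(container, partition_roots):
    """Return the nearest partition root at or above the container, or None."""
    c = parts(container)
    best = None
    for root in partition_roots:
        r = parts(root)
        if len(r) <= len(c) and c[len(c) - len(r):] == r:
            if best is None or len(r) > len(parts(best)):
                best = root
    return best


def audit(policy_containers, replicas):
    """Compare policy assignments with the replicas the driver server holds."""
    not_synchronized, covered = [], set()
    for container in policy_containers:
        root = owning_partition(container, replicas)
        rtype = replicas.get(root, "no replica")
        if rtype in MANAGEABLE:
            covered.add(root)
        else:
            # Policy is assigned here, but the drivers cannot manage these users.
            not_synchronized.append((container, rtype))
    # Manageable partitions in which no policy container was found.
    no_policy = sorted(r for r, t in replicas.items()
                       if t in MANAGEABLE and r not in covered)
    return not_synchronized, no_policy


if __name__ == "__main__":
    print(audit(POLICY_CONTAINERS, DRIVER_SERVER_REPLICAS))
```

The first list shows containers that have the policy but sit in a replica the drivers cannot manage; the second shows partitions the drivers can manage where no policy assignment was found.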


Setting Up E-Mail Notification

To use the e-mail notification feature, you must do the following:

Follow the instructions in Configuring E-Mail Notification.