Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Which data bases can SSPR use for unlocking a locked account?

This document (7014243) is provided subject to the disclaimer at the end of this document.


Self Service Password Reset
SSPR 3.0


Unlocking AD accounts with SSPR
Which databases can SSPR use?
How does SSPR need to be installed to allow AD accounts to be reset  and unlocked?
Where does SSPR need to store the challenge/response questions?


There is no separate database requirement for unlocking a locked account.  Any of the supported databases will do. 

Per the online documentation, SSPR supports the following directories to store users’ challenge-responses:
 - LDAP Directory  (the primary database - eDirectory, Active Directory, or other LDAP database)
 - LocalDB   (Apache Derby database with Tomcat)
 - Database  (external RDBMS database)

Additional Information

When unlocking a locked account SSPR uses both the LDAP and the SSPR database, as is the case for all SSPR operations.  The SSPR database contains the challenge-response questions and answers, the LDAP database (typically AD or eDir) contains all other user information.  

SSPR can only use one LDAP database.  It cannot retrieve user information from one LDAP database and challenge-response information from a different LDAP database.  For example, SSPR cannot use the NMAS challenge-response questions stored in eDirectory with user information from Active Directory.  (IDM  RBPM / User App uses the NMAS challenge/ response questions and answers.)


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7014243
  • Creation Date:06-DEC-13
  • Modified Date:06-DEC-13
    • NovellSelf Service Password Reset
    • NetIQSecureLogin

Did this document solve your problem? Provide Feedback