Self Service Password Reset
Unlocking AD accounts with SSPR
Which databases can SSPR use?
How does SSPR need to be installed to allow AD accounts to be reset and unlocked?
Where does SSPR need to store the challenge/response questions?
There is no separate database requirement for unlocking a locked account. Any of the supported databases will do.
Per the online documentation, SSPR can store users’ challenge-responses in any of the following locations:
- LDAP Directory (the primary database - eDirectory, Active Directory, or other LDAP database)
- LocalDB (Apache Derby database with Tomcat)
- Database (external RDBMS database)
When unlocking a locked account, SSPR uses both the LDAP database and the SSPR database, as is the case for all SSPR operations. The SSPR database contains the challenge-response questions and answers; the LDAP database (typically AD or eDir) contains all other user information.
SSPR can only use one LDAP database. It cannot retrieve user information from one LDAP database and challenge-response information from a different LDAP database. For example, SSPR cannot use the NMAS challenge-response questions stored in eDirectory with user information from Active Directory. (IDM RBPM / User App uses the NMAS challenge/response questions and answers.)