Synchronize Windows password with eDirectory password when using "Login with non-Novell Credential Provider" configuration

  • Document ID:7017914
  • Creation Date:03-Aug-2016
  • Modified Date:03-Aug-2016
    • Micro Focus Products:
      Client for Open Enterprise Server (Novell Client)

Environment

Client for Open Enterprise Server 2 SP4 (IR3)
Using a non-Novell credential provider to login

Situation

When changing password with the Novell Credential Provider, the user has the option to synchronize the Windows password with the eDirectory password. However, when using a non-Novell credential provider, this option is not available.

For example, if the eDirectory password is changed through Groupwise Webaccess, and the user subsequently logs in on a Windows workstation using the Client for Open Enterprise Server, s/he will be prompted for the eDirectory password, but this password cannot be synchronized with the Windows password.

Resolution

Beginning with Client for Open Enterprise Server 2 SP4 (IR3), a new feature has been added which will allow Windows and eDirectory passwords to be synchronized during a login where "Login with non-Novell Credential Provider" has been enabled.

The new functionality is enabled by creating a DWORD (32-bit) value of 0x1 named "Force Windows password Sync With Non-Novell Credential Provider" under the [HKEY_LOCAL_MACHINE\Software\Novell\Network Provider\Initial Login] key.  If the registry value does not exist, or is set to 0x0, the new functionality does not occur.

  • When enabled, and a "Login with non-Novell Credential Provider" login is occurring, if the password used to successfully login to eDirectory does not match the password Windows reported the Windows user account (via the non-Novell Client credential provider) logged on with, Client for OES will now initiate a Windows account password change to make the Windows password the same as the eDirectory password.  If the passwords are already identical, no new action will be taken.

  • If a failure occurs during the Windows account password change attempt, a dialog will be shown (after the eDirectory login) reporting the Windows account password change failure. To suppress this error message, create an additional registry entry of type DWORD (32-bit) value of 0x0 named "Force Windows password Sync With Non-Novell Credential Provider Show Errors" under the [HKEY_LOCAL_MACHINE\Software\Novell\Network Provider\Initial Login] key. If this value is set 0x1 then error messages are displayed to users.