Novell provides the User Application with their IDM 3.x product purchase. The "User Application" is a terrible name, but it provides functionality that will cover most people's requirements with only the effort of installation and configuration. The application runs on JBoss (engine provided with the product), or the application can be installed on WebSphere.
http://www.novell.com/products/identitymanager/password.html
There are two versions of the "User Application":
Password Management is available within both versions.
If you are not happy with the functions or appearance of the User Application, Novell has exposed a WSDL in the Role Based Provisioning Module (RBPM) so that you can still access the User Application Web Service.
A servlet and JSP application that will work with the Universal Password Policy and provides lots of configuration options. It is styled via CSS and is flexible.
PWM has a much improved layout in the latest builds.
The PWM Admin Guide
We have used the PWM application and it will work well for most operations.
Limitations and Anomalies
There are a couple of minor limitations in PWM that we have discovered. To save you from having to do the research or find out the hard way, here is what we found.
NMAS responses
PWM is only able to utilize existing stored NMAS responses for forgotten passwords when Novell UserApp (RBPM) is available. PWM utilizes web services available in IDM UserApp to validate user responses. This feature is optional. If UserApp is not available, PWM will use its own saved challenge/responses for user response validation.
As a note, the LDIF files provided, which make schema modifications, create a proxy user and set the basic ACLs, are well written and are excellent to use as a guideline. You will need to make at least minor modifications to the files for your particular implementation.
If these items are not an issue for you, we recommend you use PWM!
Demo Sites
There is a PWM public demo site.
We have an older demo site for PWM that might be working.
Support
Open source; the only support is through user forums, or we can probably help if you need it.
We have been asked by several companies to create Automated Password Self Service to reduce their help desk calls that were based on password changes and password reset requests.
The objective was to eliminate NIS with as little impact to users as possible.
The Client Login Extension for Novell® Identity Manager 3.5.1 and later facilitates password self-service by adding a link to the Novell and Microsoft* GINA login clients.
Just some notes on the Password Flow From Active Directory to eDirectory