We are looking for a way that users...
Articles and Tips: qna
01 Nov 2002
Q.
We are looking for a way that users can reset their own password through a web-based application. This will be used primarily by people who forget their passwords, so putting in an old password and then the new password is out of the question. We want to offer some sort of password reset secret (mother's maiden name, pet's name, etc.) similar to what you see on many web sites. So when a user browses to a password reset web site, they are prompted to enter an answer to a secret question (or a couple questions), and their password gets reset so they can login.
We can't have their password emailed because we're going to be setting up LDAP authentication for GroupWise so their NDS and GroupWise passwords are the same. They wouldn't be able to get to their email if they don't know the password. Do you have any suggestions on how we could accomplish something like this? I'm wondering if it can be done through LDAP. If not, can you tell me where I might find something that could help?
A.
You should be able to reset the password via LDAP, but you have to bind to the LDAP server with a USERID that has sufficient privileges to change the password. Depending on where your web page is hosted, you might also use one of the several NDS/eDirectory APIs to reset the password.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.