iChain not redirecting user to password update screen

  • 3495905
  • 14-Jun-2007
  • 26-Apr-2012


Novell eDirectory 8.7.3 for All Platforms
Novell iChain 2.3


Even though the user's password has expired, he is not redirected to iChain's password update screen.
Users' accounts are getting locked, as they can no longer update their password.
The eDirectory server does not have a real copy of the user.


There is a work-around. Add all the replicas to the current server, or configure iChain to use a server that already has a real copy of every one.


Reported to Engineering

Additional Information

The root cause is an issue with the LDAP server. When the server does have a real copy of the user, LDAP returns the NDS error code indicating that the password has expired. Here's an example from a trace log.

13:34:44 49249BB0 LDAP: ( Sending operation
result 0:"":"NDS error: password expired (-223)" to connection 0x819d098

When the server doesn't have a real copy of the user, LDAP doesn't return the NDS error code. Here's an example from a trace log.

13:22:44 51421BB0 LDAP: ( Sending operation
result 0:"":"" to connection 0x81cb820