Online Password Management
The last time I had a requirement to allow users to change passwords in the browser it was the R5 days. Back then it was still a case of us building a front-end to an agent that updated the HTTPPassword field in the user's NAB entry. The trouble with this approach was that it was anybody's guess when the change would take effect.
Web users, quite rightly, expect the change password feature to work in the same way on any site and on most sites it does. On Domino sites it's not as easy, but it seems to be getting there. The need for a change password feature has come my way again. This time it's Domino 6.5. How have things changed? Let's see.
Well, we can create custom login forms and even custom change password forms. The domcfg.nsf database allows us a lot of control. Is it enough control though?
My initial tests with the change password form show that it works, but in an odd way. The new and old passwords both work. You can log in with either. Also, if you want to change password again, straightaway, it's the old one you need to put in the change password form. Confusion ahoy.
Something else I need to do is force users to choose a 6+ character alphanumeric password. I can't see any way of doing this, even with Policy documents. The change password and password changed forms don't allow WQS/O agents, so I can't add my own logic and JavaScript is not allowed. On top of all this I also need to force users to change password on first login. For this there's a field in the Person document called "HTTPPasswordForceChange". I've tried using it but it doesn't seem to work.
I wanted to achieve all of this using standard (or maybe slightly tweaked) Domino forms and features. Instead it's starting to look more likely that still, all these years on, I need to write my own code to do it all. Surely I'm not the first person who has needed to achieve this (basic!) functionality. Anybody?
Jake,
We have some code (I think it originally came from the sandbox) that forces the server to update a password change immediately, i.e. so there is no 15 minute wait for it to take effect. I can send it to you, if you like.
Ben
Refresh these views. Should make sure that the changed password has effect immediately:
($Users)
($LDAPCN)
($ServerAccess)
($Groups)
I _think_ that both the old and the new password will work for some time because of caching of the old password.
I am doing some digging around the help files and finding some interesting stuff. E.g:
"You can use either your old Internet password or your new Internet password for two days after you submit a new password, provided the server you authenticate with, or HTTP, is not shut down. Otherwise, you must use your new Internet password."
Jake, the ini parameter "HTTP_PWD_CHANGE_CACHE_HOURS" sets how long the Domino server holds onto the old password.
Not much help, but we used IIS as the http_server and used htma to change the passwords. Actually worked quite well.
Could you not use a fake form to submit the change request to the change password form, therefore allowing you to use built-in length policies?
BTW, Ian has the right idea, I will most likely be creating a password management tool that uses a custom form where I can control all settings, and have an end process that creates the adminp form.
Ian/Jeff. This is what I am <s>wasting</s> spending my time on at the moment: my own front-end to the adminp password change function. It's almost there, just trying to validate alphanumericalness of the password with the Like operator in LS. More tomorrow...
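The 6+ character alphanumeric check discussed above, written as an added LotusScript example (not code from the post or from any commenter). The function name is hypothetical, and it assumes "alphanumeric" means letters and digits only with at least one of each.

```lotusscript
Option Declare
Option Compare Binary   ' Like ranges such as [A-Z] compare by character code

' Hypothetical helper: returns "" when pwd is acceptable,
' otherwise the reason it was rejected.
Function CheckNewPassword(pwd As String) As String
    Const MIN_LEN = 6
    CheckNewPassword = ""
    If Len(pwd) < MIN_LEN Then
        CheckNewPassword = "Password must be at least " & MIN_LEN & " characters long."
    ElseIf pwd Like "*[!0-9A-Za-z]*" Then
        ' at least one character outside 0-9, A-Z, a-z
        CheckNewPassword = "Password may contain only letters and digits."
    ElseIf Not (pwd Like "*[A-Za-z]*") Then
        CheckNewPassword = "Password must contain at least one letter."
    ElseIf Not (pwd Like "*[0-9]*") Then
        CheckNewPassword = "Password must contain at least one digit."
    End If
End Function

Sub Initialize
    ' Constructed sample inputs, one per rule plus one that passes
    Dim samples(4) As String
    Dim reason As String
    Dim i As Integer
    samples(0) = "abc12"        ' too short
    samples(1) = "abc 123"      ' contains a space
    samples(2) = "123456"       ' no letter
    samples(3) = "abcdef"       ' no digit
    samples(4) = "abc123"       ' acceptable
    For i = 0 To 4
        reason = CheckNewPassword(samples(i))
        If reason = "" Then
            Print "Sample " & i & ": accepted"
        Else
            Print "Sample " & i & ": rejected. " & reason
        End If
    Next
End Sub
```

The check has to run in the server-side agent on the plain-text value the user typed, before anything is written to HTTPPassword.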
I thought that refreshing the views that Jens Brnutt mentions AND sending a "tell adminp process interval" command to the server does the trick... Maybe I am wrong...
Sub Initialize
    Dim session As New NotesSession
    Dim books As Variant
    Dim view As NotesView
    Dim persondoc As NotesDocument
    Dim doc As NotesDocument
    Dim done As Variant
    Dim person As String

    books = session.AddressBooks
    ' the submitted document that triggered this agent
    Set doc = session.DocumentContext
    done = False
    ' user name and new password value come from fields on the submitted document
    person = doc.fldComputedUserName(0)

    ' check every Domino Directory until the user is found
    Forall b In books
        If ( b.IsPublicAddressBook ) And ( Not done ) Then
            Call b.Open( "", "" )
            ' find the user in the ($Users) view
            Set view = b.GetView( "($Users)" )
            Set persondoc = view.GetDocumentByKey( person )
            ' if found, update the HTTP password and refresh the view
            If Not ( persondoc Is Nothing ) Then
                persondoc.HTTPpassword = doc.fldClientPasswordEnc(0)
                Call persondoc.Save(True,False)
                Call view.Refresh
                done = True
            End If
        End If
    End Forall
End Sub
To get it I:
- edit the doc in a frameset,
- modify the post target to submit in a 0 pixel frame,
- then server side $$Return JavaScript (!!) window.close (if ok) or alert msgerr (if wrong)
I send the following console command whenever a new password is generated/changed: show nlcache reset
This allows the new password to be available immediately by refreshing the name-lookup cache.
I hope this helps even though it is a bit late.
I want to ask a question: what is the default value of the "HTTP_PWD_CHANGE_CACHE_HOURS" argument in notes.ini?