Configuring the Form Property

You must ensure that Identity Manager does not propagate user password changes to Directory Server, but only to Active Directory. You must also ensure that Identity Managerrelies on Identity Synchronization for Windows to propagate the password changes to Directory Server.

To prevent a resource from being displayed in the table of resources where password changes occur, add the following form property to any form that is used for changing a user's password.

<Properties\>
   <Property name='Exclude'\>
      <list\>
         /<new class='com.waveset.object.AttributeCondition'\>
            <s\>id</s\>
            <s\>equals</s\>
            <s\>#ID#50D9481DC6C43026:3BB34:FFB73A9286:-7FC0</s\>
         </new\>/
       </list\>
   </Property\>
</Properties\>

The resource can be excluded by id (as shown in the form), by name (a string), or by type (also a string). The forms to which this property must be included are as follows:

• Change User Password Form

• Change My Password Form

• Change Password Form

• Expired Login Form

• Reset User Password Form

• Tabbed User Form

If some of these forms already include the form property, only the new attribute condition needs to be added (from the XML fragment in this procedure).

In multiple attribute condition scenarios, the forms are and'ed together (they cannot be or'ed). For example, if the Change My Password Form and Change Password Form already include an attribute condition to exclude disabled resources, and the id condition is added, a resource will only be excluded if it meets both conditions, that is, it is disabled and has the ID you entered.

If a form does not already include the Exclude property, add it by copying the full XML fragment in this procedure or add the <Property name=Exclude\>, if a <Properties\> block already exists.