We have two eDirectory trees (metadirectory and production) and they're
connected with an edir-edir driver.

The metadirectory tree is authoritative for all the attributes
including the password and the driver is configured to reset when a
modification is made on the production tree.

Universal Password is up and configured with the same password policy.
It's configured to not repeat the last 30 passwords.

The driver is working ok except for the password syncronization:

- When a password change is made on the metadirectory it synchronizes
to the production tree.

- When a password change is made on the production tree it show the

This error is due to the password history list because the driver is
configured to do a reset of the password. Is there any way to do this
reset without the "duplicate password" error?

The reset is made through a rule in a Command Transformation policy:

<rule name="sub-ctp-ResetPassword">
<description>Reset Password</description>
<if-op-attr name="nspmDistributionPassword" op="available"/>
<do-set-local-variable name="pwd_old" scope="policy">
<token-dest-attr name="nspmDistributionPassword"/>
<if-op-attr mode="case" name="nspmDistributionPassword"
<token-local-variable name="pwd_old"/>

I have read that a solution is that the driver does not use the
Distribution Password but I don't know how to cofigure the driver to do

Many thanks.

