My edir driver is throwing this up, hence this forum, but I'm fairly
sure its a NMAS setup problem.
This is in my development ID vault, which has been through some big
changes recently having removed the last Netware server from it, so the
very smart money is something is stuffed up with NMAS. The trouble is I
touch NMAS so rarely I'm not great on the subtleties.

The test system has fewer NMAS methods installed than live, to wit only

CertMutual
Challenge Response
DIGEST-MD5
GSSAPI
Macintosh Native File Access
NDS
Simple Password
Windows Native File Access

In particular I note the live tree also has NDS Changepassword and
EnhancedPassword methods installed.

Anyway, here's an extract from the trace which seems to show all that's
relevant.

<modify class-name="User"
dest-dn="\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef" from-reset="true"
qualified-src-dn="O=ORGCC\OU=Nth\OU=Nor\OU=CH\OU=LEG\CN=abcdef"
src-dn="\TST65-TREE\ORGCC\Nth\Nor\CH\LEG\abcdef" src-entry-id="44152">
<association
state="associated">{8C6A29F9-46E8-df11-88C6-000255AC38E3}</association>
<modify-attr attr-name="nspmDistributionPassword"><!-- content
suppressed -->
</modify-attr>
</modify>
<modify-password class-name="User"
dest-dn="\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef"
qualified-src-dn="O=ORGCC\OU=Nth\OU=Nor\OU=CH\OU=LEG\CN=abcdef"
src-dn="\TST65-TREE\ORGCC\Nth\Nor\CH\LEG\abcdef" src-entry-id="44152">
<association>{8C6A29F9-46E8-df11-88C6-000255AC38E3}</association>
<password/>
</modify-password>
</input>
</nds>
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Filtering out notification-only
attributes.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Pumping XDS to eDirectory.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Performing operation modify for
\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Duplicating :
context = 974520446, tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Modifying entry
\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User"
dest-dn="\TST65-TREE\ORGCC\Nth\Nor\CH\LEG\abcdef"
src-dn="\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef">
<association>{8C6A29F9-46E8-df11-88C6-000255AC38E3}</association>
<modify-attr attr-name="nspmDistributionPassword"
failed-sync="true"><!-- content suppressed -->
</modify-attr>
</modify>
</input>
</nds>
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Calling free on
tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Performing operation
modify-password for \ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Duplicating :
context = 974520446, tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Optimize Password determined
operation not needed.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Calling free on
tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:
DirXML Log Event -------------------
Driver: \ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir
Channel: Subscriber
Status: Success
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:
DirXML Log Event -------------------
Driver: \ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir
Channel: Subscriber
Status: Warning
Message: Code(-8021) Unable to set NMAS password: -1643
NMAS_E_INVALID_PARAMETER.


--
jimc
------------------------------------------------------------------------
jimc's Profile: https://forums.netiq.com/member.php?userid=238
View this thread: https://forums.netiq.com/showthread.php?t=46834