IDM 3.6 is running on a Windows 2008 R2 domain controller. eDirectory is
installed on the DC and it has a replica of all partitions. The driver
is configured as Native - not as a remote loader. There is nothing in
the Authentication ID or Authentication context fields. Attributes
synchronize fine in both directions except for the password, which is
not synchronizing from AD to eDir. The password filter is installed and
shows as Running on all DCs. "Application accepts passwords from
Identity Manager" and "Identity Manager accepts passwords from
application" are set to True. "Publish passwords to NDS password" is
false, "Publish passwords to Distribution Password" is true. The UP
policy assigned to the user in eDir has "Synchronize NDS password when
setting Universal Password" checked. I tried changing "Publish passwords
to NDS password" to true in the driver, but it didn't make a
difference.

A level 5 trace from the driver shows:

[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: Publisher Poll
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: get object changes - 0x0000
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: process object change entry
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: Processing change from AD: isDeleted: NULL, whenCreated NULL, name NULL
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: Publisher MODIFY
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: Publisher Modify- effectiveClassQuery dn=CN=test test,OU=Migration,OU=Users,OU=CALDOJ,DC=<redacted> ,DC=<redacted>,DC=local className=user
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: description
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: dirxml-uACAccountDisable
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: displayName
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: extensionAttribute1
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: facsimileTelephoneNumber
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: givenName
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: initials
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: l
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: logonHours
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: mail
[05/28/13 15:04:20.782]:IDV2AUTH PT:ADDriver: physicalDeliveryOfficeName
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: postOfficeBox
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: postalCode
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: sAMAccountName
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: sn
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: st
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: streetAddress
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: telephoneNumber
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: title
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: userPrincipalName
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync::getUserData()
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync::getUserData().... checking that RPC Server is listening
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync::getUserData().... checking that RPC Server is listening
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::GetPwdInfoByUser()
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::GetPwdInfoByUser() Looking for specific Username[testb]
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - open the cache. Key = SOFTWARE\Novell\PassSync\Data\<domain name redacted>
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - acquire the mutex.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - mutex acquired.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - get number of registry keys.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0] lpszUserName[testb].
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - release the mutex.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - mutex released.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfoByUser() - close the cache.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::GetPwdInfoByUser() returned 0x00000000
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync::getUserData() returned 0x00000000
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::FreeSyncData()
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::FreeSyncData() returned.
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync:: DataEnum()
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync:: DataEnum().... checking that RPC Server is listening
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync:: DataEnum().... checking that RPC Server is listening
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::GetPwdInfo()
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::GetPwdInfo() Looking for specific Username[(null)]
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] PassSyncCache::GetPwdInfo() Logging Success to eventlog
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - open the cache. Key = SOFTWARE\Novell\PassSync\Data\<domain name redacted>
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - acquire the mutex.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - mutex acquired.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - get number of registry keys.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - dwSubKeys[0] dwPrefMaxEntries[-2] *lpdwResumeHandle[0] lpszUserName[(null)].
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - Query only returned 0.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - release the mutex.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() - mutex released.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync:: DataEnum() returned 0x00000000

I am unsure if the level 5 trace is indicating a problem or not. Any
suggestions?


--
ambradley
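
An added example (not part of the original post, and not NetIQ code): a small Python parser that rejoins hard-wrapped trace entries and pulls the cache lookups and return codes out of the [PWD] lines, so the password-sync part of a level 5 trace can be read at a glance. It reads dwSubKeys as the number of subkeys found under the cache key, an assumption based on the field name and the "get number of registry keys" entry that precedes it; the sample input is a constructed excerpt of the posted trace, wrapped the way mail and news clients wrap it.

```python
import re

# Constructed excerpt of the posted trace, still hard-wrapped.
SAMPLE = """\
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008]
GetPwdInfoByUser() - dwSubKeys[0] dwPrefMaxEntries[1]
*lpdwResumeHandle[0] lpszUserName[testb].
[05/28/13 15:04:20.798]:IDV2AUTH PT:ADDriver: [PWD 6008]
PassSyncCache::GetPwdInfoByUser() returned 0x00000000
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() -
dwSubKeys[0] dwPrefMaxEntries[-2] *lpdwResumeHandle[0]
lpszUserName[(null)].
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD 6008] GetPwdInfo() -
Query only returned 0.
[05/28/13 15:04:20.813]:IDV2AUTH PT:ADDriver: [PWD] PasswordSync::
DataEnum() returned 0x00000000
"""

ENTRY_START = re.compile(r"^\[\d\d/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\]:")
PWD = re.compile(r"\[PWD(?: \d+)?\]\s*(.*)$")
LOOKUP = re.compile(r"(\w+)\(\) - dwSubKeys\[(-?\d+)\].*lpszUserName\[([^\]]*)\]")
RETURNED = re.compile(r"(?:\w+::\s*)?(\w+)\(\) returned (0x[0-9A-Fa-f]+)")

def unwrap(text):
    """Rejoin entries that line wrapping split; a new entry starts at a timestamp."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Return (cache lookups, {function: return code}) found in [PWD] entries."""
    lookups, returns = [], {}
    for entry in unwrap(text):
        m = PWD.search(entry)
        body = m.group(1) if m else ""
        if (hit := LOOKUP.search(body)):
            lookups.append({"call": hit[1], "subkeys": int(hit[2]), "user": hit[3]})
        elif (ret := RETURNED.search(body)):
            returns[ret[1]] = int(ret[2], 16)
    return lookups, returns

def succeeded_but_empty(text):
    """True when every call returned 0 yet no lookup reported a cached subkey."""
    lookups, returns = summarize(text)
    return bool(lookups) and not any(returns.values()) and not any(l["subkeys"] for l in lookups)
```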