IDM 4.0.2 AE, SAP User Management Driver (Subscriber Only) (Password Set
Method (User Set))


Hello

The password sync between IDM and SAP is working okay, but sometimes we
need to re-migrate a user from the Identity Vault, and we see that the driver
does not handle password sync in the re-migration process.

I have tried to write my own custom policy to do this, but it ended
with an error from the SAP side:


DirXML: [09/04/14 10:43:05.59]: TRACE: UserModify: Calling SUSR_USER_CHANGE_PASSWORD_RFC
DirXML: [09/04/14 10:43:05.61]: TRACE: UserModify: Caught Exception from SUSR_USER_CHANGE_PASSWORD_RFC, type: 'E', Message: com.novell.nds.dirxml.driver.sapumshim.BapiException: 'PASSWORD_NOT_ALLOWED' exception while setting password. Password violates Server security policy


My policy is on the Subscriber Command Transformation and is at position 1
from the top in the policy.



<rule>
  <description>Initiated password synchronization</description>
  <conditions>
    <and>
      <if-class-name mode="nocase" op="equal">User</if-class-name>
      <if-operation mode="case" op="equal">modify</if-operation>
      <if-xpath op="true">@from-merge='true'</if-xpath>
    </and>
  </conditions>
  <actions>
    <do-set-op-property name="prop.sub.ctp.PasswordSetWthMerge">
      <arg-string>
        <token-text xml:space="preserve">true</token-text>
      </arg-string>
    </do-set-op-property>
    <do-set-dest-attr-value class-name="User" name="nspmDistributionPassword">
      <arg-value type="string">
        <token-src-attr class-name="User" name="nspmDistributionPassword"/>
      </arg-value>
    </do-set-dest-attr-value>
  </actions>
</rule>


Regards,
M.


--
belaie