I am trying to use a Ldap driver instead of the bidirectional eDir
driver to sync password from the IDM vault to the eDirectory . I can get
the password to sync but not the password expiration date from the vault
to the target

I am reformating the password expiration time and then just adding the
password expiration time to the filter and schema mapping to map
eDirectory attribute to the Ldap attribute .

The conversion works fine and everything goes well to the point when it
tries to set the expiration time on the target when I get an Invalid
Attribute Syntax (21) .
This is the rule to reformat the time
[COLOR="#FF0000"][SIZE=1]<rule>
<description>Reformat password expiration Time </description>
<conditions>
<and>
<if-op-attr name="nspmDistributionPassword" op="changing"/>
</and>
</conditions>
<actions>
<do-reformat-op-attr name="Password Expiration Time">
<arg-value type="string">
<token-convert-time dest-format="yyyyMMddhhmmss" dest-tz="UTC"
src-format="!CTIME" src-tz="UTC">
<token-src-attr name="Password Expiration Time"/>
</token-convert-time>
</arg-value>
</do-reformat-op-attr>
</actions>


Here is the log from the IDM vault side.

<attr attr-name="Password Expiration Time">
<value timestamp="1385635666#4" type="time">1390733266</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[11/28/13 04:47:51.310]:fileprint ST: Token Value:
"1390733266".
[11/28/13 04:47:51.310]:fileprint ST: Arg Value:
"1390733266".
[11/28/13 04:47:51.310]:fileprint ST: Token Value:
"20140126104746".
[11/28/13 04:47:51.311]:fileprint ST: Arg Value:
"20140126104746".
[11/28/13 04:47:51.311]:fileprint ST:
arg-string(token-convert-time(dest-format="yyyyMMddhhmmss",dest-tz="UTC",src-format="!CTIME",src-tz="UTC",token-src-attr("Password
Expiration Time")))
[11/28/13 04:47:51.312]:fileprint ST:
token-convert-time(dest-format="yyyyMMddhhmmss",dest-tz="UTC",src-format="!CTIME",src-tz="UTC",token-src-attr("Password
Expiration Time"))
[11/28/13 04:47:51.312]:fileprint ST:
token-convert-time(dest-format="yyyyMMddhhmmss",dest-tz="UTC",src-format="!CTIME",src-tz="UTC",token-src-attr("Password
Expiration Time"))
[11/28/13 04:47:51.313]:fileprint ST:
token-src-attr("Password Expiration Time")
[11/28/13 04:47:51.313]:fileprint ST: Token Value:
"1390733266".
[11/28/13 04:47:51.313]:fileprint ST: Arg Value:
"1390733266".
[11/28/13 04:47:51.313]:fileprint ST: Token Value:
"20140126104746".
[11/28/13 04:47:51.314]:fileprint ST: Arg Value:
"20140126104746".
[11/28/13 04:47:51.314]:fileprint ST:Policy returned:
[11/28/13 04:47:51.366]:fileprint ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20131128104751.156Z" class-name="User"
event-id="LINSIDMUAT4#20131128104751#2#1:596072a4-9c01-49e1-9cb3-a4726059019c"
qualified-src-dn="O=data\OU=users\OU=AP\OU=IND\CN=AH60868"
src-dn="\AONIDM2PT\data\users\AP\IND\AH60868" src-entry-id="37215"
timestamp="1385635666#6">
<association
state="associated">cn=a60868,ou=gurgaon,ou=his,o=h a</association>
<modify-attr attr-name="Password Expiration Time">
<remove-value>
<value type="string">20140126104746</value>
</remove-value>
<add-value>
<value type="string">20140126104746</value>
</add-value>
</modify-attr>
<modify-attr attr-name="nspmDistributionPassword"><!-- content
suppressed -->
</modify-attr>
</modify>
</input>

</modify>
<modify-password class-name="inetOrgPerson" event-id="pwd-subscribe"
qualified-src-dn="O=data\OU=users\OU=AP\OU=IND\CN=AH60868"
src-dn="\AONIDM2PT\data\users\AP\IND\AH60868" src-entry-id="37215">
<association>cn=a60868,ou=gurgaon,ou=his,o=ha</association>
<password><!-- content suppressed --></password>
<operation-data>
<password-subscribe-status>
<association>cn=a60868,ou=gurgaon,ou=his,o=ha</association>
</password-subscribe-status>
</operation-data>
</modify-password>
</input>
</nds>
[11/28/13 04:47:51.498]:fileprint ST:Password synchronization command
detected.
[11/28/13 04:47:51.498]:fileprint ST:Stripping operation data from input
document
[11/28/13 04:47:51.499]:fileprint ST:Aon File and print NDS: LDAP
Modify: cn=a60868,ou=gurgaon,ou=his,o=ha
LDAPModification: trace suppressed for modification to
passwordExpirationTime
LDAPModification: trace suppressed for modification to
passwordExpirationTime
[11/28/13 04:47:51.502]:fileprint ST:Aon File and print NDS:
LDAPInterface.doLDAPModify() Modify Error4: LDAPException: Invalid
Attribute Syntax (21) Invalid Attribute Syntax
LDAPException: Server Message: NDS error: no additional information
available (-306)
LDAPException: Matched DN:


--
JOYDEEP
------------------------------------------------------------------------
JOYDEEP's Profile: https://forums.netiq.com/member.php?userid=3952
View this thread: https://forums.netiq.com/showthread.php?t=49336