Good afternoon.

In my IDM architecture I have an eDir to eDir driver between the vault
and tree but I am having a problem where my password policy related
attributes are not synching back to the vault only on add operations. So
my account gets created in the vault via the POSFT driver, it then gets
created in the Tree...and the password expiration attributes are all set
correctly in the tree; however those particular attributes are not
getting synched back to the vault. The account both in the Vault and
Tree have the password policies applied (verified by using iManager and
viewing policy assignments). If I do a migrate on the user from the
vault to the tree, then the password expiration attributes get updated
on my account in the vault. This is only happening on add' on
that user when I am doing a migrate, it doesn't matter if I remove the
association in the vault or not before the migrate, it updates the
attributes in the vault correctly either way. This is only happening
when the account doesn't exist in the tree and therefore it is an add
and has to be created....that the password attributes aren't synching
back to the account in the vault. I would post a trace but there are no
errors at all. Has anyone seen this before. It seems it has been this
way for a long time and we never knew it, so yes we now have a lot of
accounts in the vault that do not have password expirations on them but
yet they do in the tree. Thanks in advance.

wferguson's Profile:
View this thread: