Hi

I have a problem with Bi-Directional Edirectory driver.
I should migrate Production Edir accounts with password into IDM Edir,
But Driver cannot read distribution password.

I have double checked that password policy have "Allow Admin to retrieve
password and also User which is used by driver is there.
IDM driver user have full rights from root of Prod Tree.

When I start Migrate into Edir following happens:
Error message is: "ERROR : Unexpected error while retreiving password
information. Reason :"


<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="CN">
<value>migtest</value>
</search-attr>
</query>
</input>
</nds>



<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20160425_0222" instance="Bi-directional eDirectory"
version="4.0.2.0">Identity Manager Bi-directional Driver for
eDirectory</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="inetOrgPerson" event-id="0"
src-dn="cn=MigTest,ou=IDM-Migraatio-Test,o=KPA">
<association
state="associated">635A3459111F134DCB99635A3459111 F</association>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>


<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.5.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="User" scope="entry">
<association>635A3459111F134DCB99635A3459111F</association>
<read-attr attr-name="assistant"/>
<read-attr attr-name="assistantPhone"/>
<read-attr attr-name="businessCategory"/>
<read-attr attr-name="children"/>
<read-attr attr-name="city"/>
<read-attr attr-name="CN"/>
<read-attr attr-name="co"/>
<read-attr attr-name="company"/>
<read-attr attr-name="costCenter"/>
<read-attr attr-name="costCenterDescription"/>
<read-attr attr-name="departmentNumber"/>
<read-attr attr-name="Description"/>
<read-attr attr-name="directReports"/>
<read-attr attr-name="EMail Address"/>
<read-attr attr-name="employeeStatus"/>
<read-attr attr-name="employeeType"/>
<read-attr attr-name="Equivalent To Me"/>
<read-attr attr-name="Facsimile Telephone Number"/>
<read-attr attr-name="Full Name"/>
<read-attr attr-name="Generational Qualifier"/>
<read-attr attr-name="Given Name"/>
<read-attr attr-name="Group Membership"/>
<read-attr attr-name="homeCity"/>
<read-attr attr-name="homeEmailAddress"/>
<read-attr attr-name="homeFax"/>
<read-attr attr-name="homePhone"/>
<read-attr attr-name="homePostalAddress"/>
<read-attr attr-name="homeState"/>
<read-attr attr-name="homeZipCode"/>
<read-attr attr-name="Initials"/>
<read-attr attr-name="instantMessagingID"/>
<read-attr attr-name="Internet EMail Address"/>
<read-attr attr-name="jackNumber"/>
<read-attr attr-name="jobCode"/>
<read-attr attr-name="L"/>
<read-attr attr-name="Language"/>
<read-attr attr-name="Login Disabled"/>
<read-attr attr-name="Mailbox ID"/>
<read-attr attr-name="Mailbox Location"/>
<read-attr attr-name="mailstop"/>
<read-attr attr-name="manager"/>
<read-attr attr-name="managerWorkforceID"/>
<read-attr attr-name="mobile"/>
<read-attr attr-name="NSCP:employeeNumber"/>
<read-attr attr-name="nspmDistributionPassword"/>
<read-attr attr-name="nsRoleDN"/>
<read-attr attr-name="O"/>
<read-attr attr-name="otherPhoneNumber"/>
<read-attr attr-name="OU"/>
<read-attr attr-name="pager"/>
<read-attr attr-name="personalMobile"/>
<read-attr attr-name="personalTitle"/>
<read-attr attr-name="photo"/>
<read-attr attr-name="Physical Delivery Office Name"/>
<read-attr attr-name="Postal Address"/>
<read-attr attr-name="Postal Code"/>
<read-attr attr-name="Postal Office Box"/>
<read-attr attr-name="preferredDeliveryMethod"/>
<read-attr attr-name="preferredName"/>
<read-attr attr-name="registeredAddress"/>
<read-attr attr-name="roomNumber"/>
<read-attr attr-name="S"/>
<read-attr attr-name="SA"/>
<read-attr attr-name="Security Equals"/>
<read-attr attr-name="See Also"/>
<read-attr attr-name="siteLocation"/>
<read-attr attr-name="spouse"/>
<read-attr attr-name="Surname"/>
<read-attr attr-name="Telephone Number"/>
<read-attr attr-name="teletexTerminalIdentifier"/>
<read-attr attr-name="telexNumber"/>
<read-attr attr-name="Timezone"/>
<read-attr attr-name="Title"/>
<read-attr attr-name="tollFreePhoneNumber"/>
<read-attr attr-name="UID"/>
<read-attr attr-name="uniqueID"/>
<read-attr attr-name="userCertificate"/>
<read-attr attr-name="vehicleInformation"/>
<read-attr attr-name="workforceID"/>
</query>
</input>
</nds>


[06/08/16 19:36:06.838]:Bi-directional eDirectory ST:Bi-directional
eDirectory: LDAP Search
base=O=nn
scope=2
filter=guid=\63\5A\34\59\11\1F\13\4D\CB\99\63\5A\3 4\59\11\1F
attrs=[dn]
attrsOnly=false
[06/08/16 19:36:06.875]:Bi-directional eDirectory ST:Bi-directional
eDirectory: LDAP Search
base=cn=MigTest,ou=IDM-Migraatio-Test,o=nn
scope=0
filter=(objectclass=*)
attrs=[assistant, assistantPhone, businessCategory, children, city,
cn, co, company, costCenter, costCenterDescription, departmentNumber,
description, directReports, eMailAddress, employeeStatus, employeeT
ype, equivalentToMe, facsimiletelephonenumber, fullName,
generationQualifier, givenname, groupMembership, homeCity,
homeEmailAddress, homeFax, homePhone, homePostalAddress, homeState,
homeZipCode, initials,
instantMessagingID, mail, jackNumber, jobCode, l, Language,
loginDisabled, mailboxID, mailboxLocation, mailstop, manager,
managerWorkforceID, mobile, NSCP:employeeNumber, nsRoleDN, O,
otherPhoneNumber, ou, p
ager, personalMobile, personalTitle, photo, physicalDeliveryOfficeName,
postaladdress, postalCode, postOfficeBox, preferredDeliveryMethod,
preferredName, registeredAddress, roomNumber, st, street, securityEq
uals, See Also, siteLocation, spouse, sn, telephonenumber,
teletexTerminalIdentifier, telexNumber, Timezone, title,
tollFreePhoneNumber, UID, uid, usercertificate, vehicleInformation,
workforceID, objectclas
s]
attrsOnly=false
[06/08/16 19:36:06.894]:Bi-directional eDirectory ST:Bi-directional
eDirectory: Query.queryOperation() result=dn:
cn=MigTest,ou=IDM-Migraatio-Test,o=nn
securityEquals: cn=Everyone,o=nn
securityEquals: cn=Migraatio-testi,ou=IDM-Migraatio-Test,o=nn
ou: Tenholantien toimipaikka
eMailAddress: 7#Veli-Matti.Luotonen@nnn.fi
cn: MigTest
l: Tenholantie
UID: migtest
mail: Testaus.migraatio@keskuspuisto.fi
description: IDM-projektin perustunnus Test Migration
groupMembership: cn=Everyone,o=nn
groupMembership: cn=Migraatio-testi,ou=IDM-Migraatio-Test,o=nn
sn: Migraatio
fullName: Testaus Migraatio
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: ndsLoginProperties
objectclass: Person
objectclass: Top
objectclass: DirXML-Identity
objectclass: DirXML-PasswordSyncStatusUser
givenname: Testaus



[06/08/16 19:36:06.957]:Bi-directional eDirectory ST:Bi-directional
eDirectory: Querying for the GUID : GUID is
1EFE040D352B994070951EFE040D352B
[06/08/16 19:36:06.962]:Bi-directional eDirectory ST:Bi-directional
eDirectory: *ERROR : Unexpected error while retreiving password
information. Reason :*
[06/08/16 19:36:06.964]:Bi-directional eDirectory
ST:SubscriptionShim.execute() returned:
[06/08/16 19:36:06.965]:Bi-directional eDirectory ST:



So User gets the default password -
So I am stuck now in the migration in this step
What could cause this ?


Kind Regards
Veli-Matti


--
vm_luotonen
------------------------------------------------------------------------
vm_luotonen's Profile: https://forums.netiq.com/member.php?userid=2726
View this thread: https://forums.netiq.com/showthread.php?t=56003