Hi,

My Customer have IDM 4.6 with eDir 9.0.2 HF2 in SLES 12SP2

They have a password policies with:

- Novell syntax
- Exclude the following passwords: Peru, Lima,
- Exclude password that match attribute values: CN
- Password Length: Min = 8 , Max 12

They develop Delimited text driver for User Creation and in the Pub-CTP exists following rule:

<rule>
<description>On User add, provide default password if none exists</description>
<conditions>
<and>
<if-operation mode="nocase" op="equal">add</if-operation>
<if-class-name op="equal">User</if-class-name>
<if-password op="not-available"/>
</and>
</conditions>
<actions>
<do-set-dest-password>
<arg-string>
<token-generate-password policy-dn="\[root]\Security\Password Policies\AvPoliticaPassword"/>
</arg-string>
</do-set-dest-password>
</actions>
</rule>



When User creation is executed, They see the following error in the log and the process creation fail:


[10/20/17 16:27:17.617]:File-MID PT:Applying policy: %+C%14CPub-CTP-Password%-C.
[10/20/17 16:27:17.618]:File-MID PT: Applying to add #1.
[10/20/17 16:27:17.618]:File-MID PT: Evaluating selection criteria for rule 'On User add, provide default password if none exists'.
[10/20/17 16:27:17.620]:File-MID PT: (if-operation equal "add") = TRUE.
[10/20/17 16:27:17.621]:File-MID PT: (if-class-name equal "User") = TRUE.
[10/20/17 16:27:17.622]:File-MID PT: (if-password not-available) = TRUE.
[10/20/17 16:27:17.623]:File-MID PT: Rule selected.
[10/20/17 16:27:17.624]:File-MID PT: Applying rule 'On User add, provide default password if none exists'.
[10/20/17 16:27:17.625]:File-MID PT: Action: do-set-dest-password(token-generate-password(policy-dn="\[root]\Security\Password Policies\AvPoliticaPassword")).
[10/20/17 16:27:17.633]:File-MID PT: arg-string(token-generate-password(policy-dn="\[root]\Security\Password Policies\AvPoliticaPassword"))
[10/20/17 16:27:17.634]:File-MID PT: token-generate-password(policy-dn="\[root]\Security\Password Policies\AvPoliticaPassword")
[10/20/17 16:27:17.637]:File-MID PT:
DirXML Log Event -------------------
Driver: \PERU-TREE\servicios\DrivetSet03\File-MID
Channel: Publisher
Object: fmamani@intranet-com-pe (usuarios\inactivos\fmamani)
Status: Error
Message: Code(-9202) Error in vnd.nds.stream://PERU-TREE/servicios/DrivetSet03/File-MID/Publisher/Pub-CTP-Password#XmlData:14 : Unable to generate password: 9699 UNKNOWN ERROR
[10/20/17 16:27:17.679]:File-MID PT:Fixing up association references.
[10/20/17 16:27:17.679]:File-MID PT:Applying schema mapping policies to output.
[10/20/17 16:27:17.679]:File-MID PT:Applying policy: %+C%14CNOVLDTXTBASE-smp%-C.
[10/20/17 16:27:17.680]:File-MID PT:Applying output transformation policies.
[10/20/17 16:27:17.680]:File-MID PT:Applying XSLT policy: %+C%14CNOVLDTXTBASE-ots%-C.
[10/20/17 16:27:17.681]:File-MID PT:Policy returned:
[10/20/17 16:27:17.681]:File-MID PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="error">Code(-9202) Error in vnd.nds.stream://PERU-TREE/servicios/DrivetSet03/File-MID/Publisher/Pub-CTP-Password#XmlData:14 : Unable to generate password: 9699 UNKNOWN ERROR<application>DirXML</application>
<module>File-MID</module>
<object-dn>fmamani@intranet-com-pe (usuarios\inactivos\fmamani)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[10/20/17 16:27:17.682]:File-MID PT:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.0.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<status level="error">Code(-9202) Error in vnd.nds.stream://PERU-TREE/servicios/DrivetSet03/File-MID/Publisher/Pub-CTP-Password#XmlData:14 : Unable to generate password: 9699 UNKNOWN ERROR<application>DirXML</application>
<module>File-MID</module>
<object-dn>fmamani@intranet-com-pe (usuarios\inactivos\fmamani)</object-dn>
<component>Publisher</component>
</status>
</output>
</nds>
[10/20/17 16:27:17.691]:File-MID PT:File-MID: Renamed file path:/opt/adminFiles/inputFile/usuario4.csv.bak
[10/20/17 16:27:17.693]:File-MID PT:File-MID: File/opt/adminFiles/inputFile/usuario4.csv.bakcould not be deleted.

See complete log here


But, when the following options are removed in the Password Police, the driver works fine:

- Exclude the following passwords: Peru, Lima,
- Exclude password that match attribute values: CN


What is the causse?

How resolve this problem for the Password Policies complete Rules?

TIA