Hi there,

My IDM test environment badly needs to be redone, but I have to get it working enough to test an account being created in the vault and then passed to my ldap (edir) tree. My edir-to-edir driver is So Confused. I had a problem with updating the packages in Designer and even though I imported the stuff back from the live server...dunno. But I never synced from designer back up to the live system, so it should have been ok.

Anyway. It wasn't syncing people because there was a filter block on the dirxml-passwordSyncStatus. I changed it to the normal setting. But the driver on the vault side won't shut down properly, and it didn't seem to be paying attention to the new filter setting - even though from both designer (live --> compare) and imanager POV, the filter was correct. (It still said Operation vetoed by filter.) First, it seemed to be SSL problems, so I redid those certs using the edir-to-edir cert utility. But it still seemed to not only veto that pw sync status, it seemed to completely shut down the driver in the process. I decided I'd copy the filter from the (working) production system in Designer (after saving the original). I synced it up. Then it wouldn't start because it said "Address already in use." I know this means the IP address - but I put the old filter back anyway. Still getting the address error. So now I'm just restarting this vault test server because if it's confused about the IP binding, I thought that might be a Good Thing.

So, not getting that error anymore, but still getting the "operation vetoed by filter" thing. I'm going to attach a trace and my filter xml but I guess I have to post this thread first.

Thanks in advance -
Karla B