I'm not seeing any new configuration for this portlet since I last looked
at it a while back in UA351. I was hoping RBPM37 would have some updates.

What I have is a bunch of IDM drivers, many of which do support password
synchronization. But not all users necessarily get provisioned to all
systems, so many password changes result in a status of "vetoed by
policy". The result is that a single test user I have here looks like:


dn: cn=Z025853,ou=Users,o=NIU
dirxml-passwordsyncstatus:
DCF3520782E5C14DA25BFBCEB236AD3B200911042119344790 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
BA91D6279CAB5E479256FFAEDB4EF019200911042119348070 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
6D7C1915DED7944D99829143B7DB5CC0200911042119348540 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
662CAF0148C5554D83C208916D8B5204200911042119350570 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
5B97D0602FF0914A89DDC3DE74338CB3200911042122503780 0
0000000000
dirxml-passwordsyncstatus:
ABB5316AC6A94648D48FABB5316AC6A9201004021845448150 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
F1535E6EF5221D43A2560E902125EB8B201004142111284370 0
0000000000Could not set password via platform call.
Err=2245 (password invalid)
dirxml-passwordsyncstatus:
00D857151826DA119691001185BD6EF7201004161423507650 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
808C1B1A1626DA119691001185BD6EF7201004161423560750 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
80D7D1811626DA119691001185BD6EF7201004161423561130 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
FC75F149F2259D45E486FC75F149F225201004162014117960 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
0AA00209A531EE40ADF4D129D11C7B8B201004162014126740 0
0000000004
dirxml-passwordsyncstatus:
25EECB6D8138D84F9FAD25EECB6D8138201004162014127490 0
0000000004
dirxml-passwordsyncstatus:
8E824D2F242FCC44AC168F7573C2ABC1201004162014495930 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
E2A85F7915513241AC01CFB8BDC90EF0201004162014495000 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
D7C127931BEC3F449C5A4C450DD4D966201004162014497030 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
90949842C6AF6D44AD796E54CBD9C0F5201004162014498430 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
ACFF886F84F0D5439BA4FE9CC7C37C0F201004162014499840 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
10BCCA90B5A4C74494C1F6F5B5974BF6201004162014501400 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
CBA8D6AF13AECE4C9932358E0EC4D69B201004162014502960 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
7B160EB070F5B544A0AEB172A02953F8201004162014504370 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
9FFFAAF9AD93744183CC8AD1ED432326201004162014506250 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
A6EAA1D5B081374BA6D727BB3FF8F604201004162014505460 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
167E14FF72A1014CB3C21EFB5A5101A5201004162014507340 0
0000000001Code(-8032) Operation vetoed by policy.
dirxml-passwordsyncstatus:
78D9965B7E9EFB45BECB799285687442201004162014511710 0
0000000004
dirxml-passwordsyncstatus:
806D3E511726DA119691001185BD6EF7201004162013467840 0
0000000001Code(-8032) Operation vetoed by policy.


Having configured RBPM to check status on some of my drivers, the result
for the user looks like:

http://www.zaccaria-pinball.com/temp/pwsyncstataus.png

See all of those "Warning" statuses? That's the problem. The users are
going to be confused by this. They're going to call the helpdesk to
report that they're "having password problems". The helpdesk is going to
complain at me that passwords aren't synchronizing. Things are going to
go downhill from there.

What would be ideal is if RBPM wouldn't show the drivers for which the
user has 0001 as the Status and "Code(-8032) Operation vetoed by policy."
as the Message part of the DirXML-PasswordSyncStatus attribute. If that's
not possible, just leaving those drivers greyed-out in the status display
and showing nothing for them would be ok, I think.

On the plus side, I like the Success and Error status displays here. ;-)

Any chance of this being possible and I'm just not seeing it? Or should I
just head over to www.novell.com/rms now?


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.