I'm hoping those of you out there can help me with this.

Setup :

IDVault running on SLES 10, with edir 8.7.3.9, SSP 204 installed and iman
2.6
Production tree : Netware 65sp6, edir 8.7.3.9, SSP204 installed and iman
2.6

NMAS methods installed universal passwords working etc etc

Designer is version 2.0.0 Build id: 20070315

Right the problem lies within the SSL certificates.

If i choose not to have SSL enabled then the syncronisation between the 2
vaults works perfectly. If i then do one of the following :
Use designer to create nds-to-nds certificates, or if i do them manually
as in a TID provided by novell or if i do them using the wizard in either
imanager from either tree i get the following trace errors. I have
searched and searched and not convinced there is an answer to this.

The SLES box is newly configured, pretty much standard stuff.

I downloaded SDIdiag and ran from a windows box which returned with no
errors, the same with pkidiag and sdidiag from the netware server, all
good.

I have no idea why the certificates wouldnt work. Console one ev en says
there valid. IDM however does not like them.

I need it working as i need passwords to by syncronised between the tree's

Please help




Trace :

16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Filtering out notification-
only attributes.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Pumping XDS to eDirectory.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Performing operation status
for .
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT:
DirXML Log Event -------------------
Driver: \UCCHI\UCCHI\Services\eDirDriverSet\IDM Vault Driver
Channel: Publisher
Status: Error
Message: java.io.IOException: SSL handshake failed, SSL_ERROR_SYSCALL,
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Fixing up association
references.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: No schema mapping policies.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Applying output
transformation policies.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Email
notifications for failed password publications'.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail for a failed publish password operation'.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable 'notify-
user-on-password-dist-failure' equal "true") = TRUE.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "status") = TRUE.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true "self::status
[@level != 'success']/operation-data/password-publish-status") = FALSE.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:19 9CF2D160 Drvrs: IDM Vault Driver PT: : Need new connection;
Waiting for remote Subscriber to connect...
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Receiving DOM document from
application.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying input
transformation policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Email
notifications for failed password subscriptions'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail on a failure when subscribing to
passwords'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable 'notify-
user-on-password-dist-failure' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "status") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true "self::status
[@level != 'success'][text() != '']/operation-data/password-subscribe-
status/association[text() != '']") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail on failure to reset connected system
password using the Identity Manager data store password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable 'notify-
user-on-password-dist-failure' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "status") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true "self::status
[@level != 'success']/operation-data/password-reset-status") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: No schema mapping policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Resolving association
references.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: No event transformation
policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying publisher filter.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Publisher processing status
for .
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying command
transformation policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Publish
Passwords'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block publishing passwords to Identity Manager data
store when adding a object'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable 'enable-
password-publish' equal "false") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block sending modify-password changes to the Identity
Manager data store'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable 'enable-
password-publish' equal "false") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Publish
passwords to NMAS distribution password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Add nspmDistributionAttribute attribute to add
operation'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-
variable 'publish-password-to-dp' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Change modify-password operations to a modify'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-
variable 'publish-password-to-dp' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "modify-
password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Publish
passwords to NDS password.'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block publishing passwords to NDS password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-
variable 'publish-password-to-nds' equal "false") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Block sending modify-password changes to the NDS
password'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-
variable 'publish-password-to-nds' equal "false") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "modify-
password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Publish
password payloads'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Add operation-data element to password operations'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "modify-
password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "modify") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Add payload data to password operations'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "modify-
password") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "modify") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: Password
(Pub)-Password Expiration Time.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Password Expiration Time'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-op-
attr 'nspmDistributionPassword' available) = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: Add
Container.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Command Transformation - Create Departmental
Container - Part 1'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Command Transformation - Create Departmental
Container - Part 2'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-local-variable 'does-
target-exist' available) = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: veto
Deletes - Temporary.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Command Transformation - Publisher Delete to Disable'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "delete") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: Email New
User Details.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Email Creation Details to IT Dept'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation equal "add")
= FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0">
<source>
<product instance="IDM Vault Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_SYSCALL, error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac</status>
</input>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Filtering out notification-
only attributes.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Pumping XDS to eDirectory.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Performing operation status
for .
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
DirXML Log Event -------------------
Driver: \UCCHI\UCCHI\Services\eDirDriverSet\IDM Vault Driver
Channel: Publisher
Status: Error
Message: java.io.IOException: SSL handshake failed, SSL_ERROR_SYSCALL,
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad
record mac
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Fixing up association
references.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: No schema mapping policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying output
transformation policies.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying policy: 'Email
notifications for failed password publications'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Applying to status #1.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Evaluating selection
criteria for rule 'Send e-mail for a failed publish password operation'.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-global-variable 'notify-
user-on-password-dist-failure' equal "true") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-operation
equal "status") = TRUE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: (if-xpath true "self::status
[@level != 'success']/operation-data/password-publish-status") = FALSE.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Rule rejected.
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: Policy returned:
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="0" level="success"></status>
</output>
</nds>
16:03:49 9CF2D160 Drvrs: IDM Vault Driver PT: : Need new connection;
Waiting for remote Subscriber to connect...


Trace from idvault side

16:05:44 95099BA0 Drvrs: eDirectory Driver ST: No schema mapping policies.
16:05:44 95099BA0 Drvrs: eDirectory Driver ST: Resolving association
references.
16:05:44 95099BA0 Drvrs: eDirectory Driver ST: Requesting 30 second retry
delay.
16:05:44 95099BA0 Drvrs: eDirectory Driver ST:
DirXML Log Event -------------------
Driver: \IDVAULT\idm\Services\IDMDriverSet\eDirectory Driver
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status indicating that
the operation should be retried later. Detail from driver:
java.io.IOException: SSL handshake failed, SSL_ERROR_ZERO_RETURN,
error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Start transaction.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Processing events for
transaction.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying event
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: Scope
Filtering.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Event Transformation - Scope Filtering - Include
subtree(s)'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-src-dn not-in-
subtree "idm\Staff") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-src-dn not-in-
subtree "idm\Students") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Subscriber processing
modify for \IDVAULT\idm\Students\testuser.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying command
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying
policy: 'Transform NMAS attribute to password elements'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Convert adds of the nspmDistributionPassword attribute
to password elements'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal "add")
= FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block modifies for failed password publish operations
if reset password if false'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-variable 'reset-
external-password-on-failure' equal "false") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Convert modifies of a nspmDistributionPassword
attribute to a modify password operation'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "modify") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-op-
attr 'nspmDistributionPassword' available) = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block empty modify operations'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "modify") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-xpath not-true "modify-
attr") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: Password
(Sub)-Default Password Policy.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'On User add, provide default password of Dirxml1 if
none exists'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal "add")
= FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying
policy: 'Subscribe to password changes'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block subscribing to passwords when objects are added'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-
variable 'enable-password-subscribe' equal "false") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Block subscribing to password modifications'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-
variable 'enable-password-subscribe' equal "false") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: 'Payloads
for subscribe to password changes'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Add operation-data element to password subscribe
operations'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal "add")
= FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "modify-password") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Add payload data to a reset password from a failed
password publish operation'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "modify-password") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Add operation-data element to password subscribe
operations'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation equal "add")
= FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "modify-password") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Filtering out notification-
only attributes.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Fixing up association
references.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: No schema mapping policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying output
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: 'Email
notifications for failed password publications'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to modify #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Send e-mail for a failed publish password operation'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-
variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "status") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Submitting document to
subscriber shim:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0" ndsversion="8.x">
<source>
<product version="3.0.10.20060630 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="IDM1#20070404105434#1#28" qualified-
src-dn="O=idm\OU=Students\CN=testuser" src-
dn="\IDVAULT\idm\Students\testuser" src-entry-id="33005"
timestamp="1175766439#2">
<association state="associated">{80ABFD39-CEE1-db11-AC7D-000BCD9E83F6}
</association>
<modify-attr attr-name="CN">
<remove-value>
<value timestamp="1175684074#28" type="string">sdfds</value>
</remove-value>
<add-value>
<value timestamp="1175766439#2" type="string">sdfdsASSA</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: : Need new connection.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: : Connecting to remote
Publisher at 194.66.216.251:8196
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: : Creating an NTLSSocket
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: SubscriptionShim.execute()
returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0">
<source>
<product instance="eDirectory Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="retry" type="app-connection">java.io.IOException: SSL
handshake failed, SSL_ERROR_ZERO_RETURN, error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac</status>
</output>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying input
transformation policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying policy: 'Email
notifications for failed password subscriptions'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Applying to status #1.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Send e-mail on a failure when subscribing to
passwords'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-
variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "status") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-xpath
true "self::status[@level != 'success'][text() != '']/operation-
data/password-subscribe-status/association[text() != '']") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Evaluating selection
criteria for rule 'Send e-mail on failure to reset connected system
password using the Identity Manager data store password'.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-global-
variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-operation
equal "status") = TRUE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: (if-xpath
true "self::status[@level != 'success']/operation-data/password-reset-
status") = FALSE.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Rule rejected.
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: Policy returned:
16:06:14 95099BA0 Drvrs: eDirectory Driver ST:
<nds dtdversion="3.0">
<source>
<product instance="eDirectory Driver" version="3.0.10.20060630 ">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="retry" type="app-connection">java.io.IOException: SSL
handshake failed, SSL_ERROR_ZERO_RETURN, error:140943FC:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad record mac</status>
</output>
</nds>
16:06:14 95099BA0 Drvrs: eDirectory Driver ST: No schema mapping policies.
16:06:14 95099BA0 Drvrs: eDirectory Driver