I have developed a Null driver which monitors the reset of a Universal
Password by monitoring any change on the nspmDistributionPassword. We
use this to monitor the migration of NDS password to Universal Password
(all users. We use this driver to do a writeback to a custom attribute
so we can easily see wether a user has a Universal Password set.

When a modify event comes through the subscriber channel (don't know if
it is a password change, due to the nature of the error), i sometimes
get the following error:

-----------------------------
[08/06/08 11:29:55.758]:SA-ISAP-Password ST:Start transaction.
[08/06/08 11:29:55.760]:SA-ISAP-Password ST:
DirXML Log Event -------------------
Driver:
\IDVAULT-TREE\Meta\Services\DirXML\DirXML\SA-ISAP-Password
Channel: Subscriber
Status: Error
Message: Code(-9065) Unable to determine value of attribute
nspmDistributionPassword for object
\T=IDVAULT-TREE\O=Meta\OU=Users\OU=Students\OU=Active\CN=s999 9999.
[08/06/08 11:29:55.765]:SA-ISAP-Password ST:
DirXML Log Event -------------------
Driver:
\IDVAULT-TREE\Meta\Services\DirXML\DirXML\SA-ISAP-Password
Channel: Subscriber
Status: Error
Message: Code(-9065) Unable to determine value of attribute
nspmDistributionPassword for object
\T=IDVAULT-TREE\O=Meta\OU=Users\OU=Students\OU=Active\CN=s999 9999.
[08/06/08 11:29:55.768]:SA-ISAP-Password ST:Processing events for
transaction.
[08/06/08 11:29:55.769]:SA-ISAP-Password ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20080806092955.747Z" class-name="User"
event-id="isleta#20080806092955#2#1"
qualified-src-dn="O=Meta\OU=Users\OU=Students\OU=Active\CN=s9999 999"
src-dn="\IDVAULT-TREE\Meta\Users\Students\Active\s9999999"
src-entry-id="96708" timestamp="1218014995#24"/>
</input>
</nds>
[08/06/08 11:29:55.770]:SA-ISAP-Password ST:Applying event
transformation policies.
-----------------------------

The Universal Password Policy has the Advanced Password Rules enabled:
Allow admin to retrieve passwords is ON.

I checked with http://www.novell.com/coolsolutions/qna/11871.html:

- SDIDIAG gives no errors
- user has a password policy assigned
- password policy enables Universal Password
- password policy synchronizes Universal Password to Distribution and
NDS password
- the driver object has been assigned supervisor rights to the users in
question
- All replicas are R/W and healthy

I don't understand why I get this error. eDir version is 8.8 sp2 and
idm 3.5.10.16902 on SLES10

Any help would be great!

Sebastiaan


--
sveldhuisen
------------------------------------------------------------------------
sveldhuisen's Profile: http://forums.novell.com/member.php?userid=18142
View this thread: http://forums.novell.com/showthread.php?t=338969