Hello,
I'm using IDM 3.5.2 to sync passwords between eDir and AD. I've added
the "Sync Expired Passwords..." policy obtained from CoolSolutions. It
works from eDir to AD (i.e. if an Admin changes the Novell password, it
sets the "User must change password" flag in AD), but it is not working
as described if I change the AD password and set the "User must change
password" flag. Instead, the newly set password is synced to the Novell
account and set active for the next 90 days instead of being pushed back
to 2000/01/01.
Here is a part of my log file. Any help much appreciated.


14:26:29 96F52080 Drvrs: NYXTEST PT:Applying schema mapping policies to
input.
14:26:29 96F52080 Drvrs: NYXTEST PT:Applying policy: SchemaMapping.
14:26:29 96F52080 Drvrs: NYXTEST PT: Mapping class-name 'user' to
'User'.
14:26:29 96F52080 Drvrs: NYXTEST PT:Resolving association references.
14:26:29 96F52080 Drvrs: NYXTEST PT:Applying event transformation
policies.
14:26:29 96F52080 Drvrs: NYXTEST PT:Applying policy: Event Transform.
14:26:29 96F52080 Drvrs: NYXTEST PT: Applying to modify #1.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'Create Password Expiration Time if appropriate'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-op-attr 'pwdLastSet'
changing-to "0") = FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'Clear Password Expiration Time if Appropriate'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-op-attr 'pwdLastSet'
changing-from "0") = FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-op-attr 'pwdLastSet' changing)
= TRUE.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-op-attr 'pwdLastSet'
not-changing-to "0") = TRUE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule selected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Applying rule 'Clear Password
Expiration Time if Appropriate'.
14:26:29 96F52080 Drvrs: NYXTEST PT: Action:
do-clear-dest-attr-value("Password Expiration Time").
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'setup for move validation'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-operation equal "move") =
FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'setup for rename validation'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-operation equal "rename") =
FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'move or rename validation'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-local-variable
'cached-object-value' match ".*") = FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'move or rename cached context update'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-local-variable
'cached-object-value' match ".*") = FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'veto move'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-operation equal "move") =
FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'veto object rename'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-operation equal "rename") =
FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT: Evaluating selection criteria for
rule 'veto Add or Delete'.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-operation equal "add") =
FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: (if-operation equal "delete") =
FALSE.
14:26:29 96F52080 Drvrs: NYXTEST PT: Rule rejected.
14:26:29 96F52080 Drvrs: NYXTEST PT:Policy returned:
14:26:29 96F52080 Drvrs: NYXTEST PT:
<nds dtdversion="2.2">
<source>
<product version="3.5.11.20080307 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User" event-id="NYXTEST Driver##11d922b46e7##0"
src-dn="CN=Mark Gentle,OU=NYSE Users,OU=Migration,OU=Test
Support,DC=ad,DC=nyxtest,DC=com">
<association>0c25503b1fe6134796f329a1af26906b</association>
<modify-attr attr-name="pwdLastSet">
<remove-all-values/>
<add-value>
<value naming="false" type="string">128709915520936288</value>
</add-value>
</modify-attr>
<modify-attr attr-name="Password Expiration Time">
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>
14:26:29 96F52080 Drvrs: NYXTEST PT:Applying publisher filter.
14:26:29 96F52080 Drvrs: NYXTEST PT: Filtered out <modify-attr
attr-name='Password Expiration Time'>.
14:26:29 96F52080 Drvrs: NYXTEST PT:Publisher processing modify for
CN=Mark Gentle,OU=NYSE Users,OU=Migration,OU=Test
Support,DC=ad,DC=nyxtest,DC=com.
14:26:29 96F52080 Drvrs: NYXTEST PT:Reading relevant attributes from
corp\NYXtest\GentleM.
14:26:29 96F52080 Drvrs: NYXTEST PT:[/SIZE]


--
T-MAN
------------------------------------------------------------------------
T-MAN's Profile: http://forums.novell.com/member.php?userid=10343
View this thread: http://forums.novell.com/showthread.php?t=350669