eDir 8.8 SP3, IDM 3.6 SLES 10SP2

Set up a filtered replica:
Class User
Attributes CN, GUID, DirXML-Associations, Login Disabled, Login
Intruder Attempts, Login Intruder Reset Time, all attributes starting
with nspm, Public Key, Private Key and Surname. Two eDir drivers, each
have filtered replicas with this filter in their respective trees,
trying to sync passwords.

I suspect I need something more in the filter, but I don't know what.
Any assist would be greatly appreciated. Thanx

Trace follows

[11/17/08 15:40:14.584]:AUTH-to-IDV-Priority PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="User"
dest-dn="APPS\DOF\NYCSERV\HLSachs" dest-entry-id="58851"
event-id="pwd-subscribe"
qualified-src-dn="O=APPS\OU=DOF\OU=NYCSERV\CN=HLSachs"
src-dn="\NYCTREELAB\APPS\DOF\NYCSERV\HLSachs" src-entry-id="120433">

<association>{FBA7D59C-A9E4-9543-6096-FBA7D59CA9E4}</association>
<password><!-- content suppressed --></password>
<operation-data>
<password-publish-status>

<association>{FBA7D59C-A9E4-9543-6096-FBA7D59CA9E4}</association>
</password-publish-status>
</operation-data>
</modify-password>
</input>
</nds>
[11/17/08 15:40:14.586]:AUTH-to-IDV-Priority PT:Applying policy:
%+C%14Cpub-ctp-PasswordExpirationTime%-C.
[11/17/08 15:40:14.586]:AUTH-to-IDV-Priority PT: Applying to
modify-password #1.
[11/17/08 15:40:14.587]:AUTH-to-IDV-Priority PT: Evaluating
selection criteria for rule 'Password Expiration Time'.
[11/17/08 15:40:14.587]:AUTH-to-IDV-Priority PT: (if-op-attr
'nspmDistributionPassword' available) = FALSE.
[11/17/08 15:40:14.587]:AUTH-to-IDV-Priority PT: Rule rejected.
[11/17/08 15:40:14.587]:AUTH-to-IDV-Priority PT:Policy returned:
[11/17/08 15:40:14.588]:AUTH-to-IDV-Priority PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="User"
dest-dn="APPS\DOF\NYCSERV\HLSachs" dest-entry-id="58851"
event-id="pwd-subscribe"
qualified-src-dn="O=APPS\OU=DOF\OU=NYCSERV\CN=HLSachs"
src-dn="\NYCTREELAB\APPS\DOF\NYCSERV\HLSachs" src-entry-id="120433">

<association>{FBA7D59C-A9E4-9543-6096-FBA7D59CA9E4}</association>
<password><!-- content suppressed --></password>
<operation-data>
<password-publish-status>

<association>{FBA7D59C-A9E4-9543-6096-FBA7D59CA9E4}</association>
</password-publish-status>
</operation-data>
</modify-password>
</input>
</nds>
[11/17/08 15:40:14.590]:AUTH-to-IDV-Priority PT:Filtering out
notification-only attributes.
[11/17/08 15:40:14.590]:AUTH-to-IDV-Priority PT:Pumping XDS to
eDirectory.
[11/17/08 15:40:14.590]:AUTH-to-IDV-Priority PT:Performing operation
modify-password for APPS\DOF\NYCSERV\HLSachs.
[11/17/08 15:40:14.594]:AUTH-to-IDV-Priority PT:Modifying password for
entry APPS\DOF\NYCSERV\HLSachs.
[11/17/08 15:40:14.613]:AUTH-to-IDV-Priority PT:
DirXML Log Event -------------------
Driver: \NYCTREELAB2\services\Drivers\IDM\AUTH-to-IDV-Priority
Channel: Publisher
Object: \NYCTREELAB\APPS\DOF\NYCSERV\HLSachs
(APPS\DOF\NYCSERV\HLSachs)
Status: Error
Message: Code(-9010) An exception occurred:
novell.jclient.JCException: generateKeyPair -777
ERR_SPARSE_FILTER_VIOLATION


--
rrawson
------------------------------------------------------------------------
rrawson's Profile: http://forums.novell.com/member.php?userid=4898
View this thread: http://forums.novell.com/showthread.php?t=351122