I'm getting a -8015 on coming back from AD into eDir. I have made sure
all the password sync settings are correct. I've pasted the dstrace.log
showing the modify password event. Looking through the filter I see
nothing that would be blocking this.

Active Directory PT:Policy returned:
Active Directory PT:
<nds dtdversion="2.2">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify-password class-name="User" src-dn="CN=Test One
(Test1),OU=eDirectory,DC=ci,DC=champaign,DC=gov">
<association>bfc52455e8d89e4487a23ec135445418</association>
<password><!-- content suppressed --></password>
</modify-password>
</input>
</nds>
Active Directory PT:No associated objects.
Active Directory PT:Applying publisher filter.
Active Directory PT: Filtered out <modify-password
class-name='User'>.
Active Directory PT:Fixing up association references.
Active Directory PT:Applying schema mapping policies to output.
Active Directory PT:Applying policy: SchemaMapping.
Active Directory PT:Applying output transformation policies.
Active Directory PT:Applying policy: Output Transform.
Active Directory PT: Applying to status #1.
Active Directory PT: Evaluating selection criteria for rule 'Add:
User, keep sAMAccountName in sync with userPrincipalName'.
Active Directory PT: (if-operation equal "add") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Modify:
User, keep sAMAccountName in sync with userPrincipalName'.
Active Directory PT: (if-operation equal "modify") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Add:
User, keep userPrincipalName in sync with sAMAccountName'.
Active Directory PT: (if-operation equal "add") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Modify:
User, keep userPrincipalName in sync with sAMAccountName'.
Active Directory PT: (if-operation equal "modify") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Strip
add/modify of DirXML-ADContext'.
Active Directory PT: (if-operation equal "add") = FALSE.
Active Directory PT: (if-operation equal "modify") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Convert
userPrincipalName to name@domain.com'.
Active Directory PT: (if-op-attr 'userPrincipalName' available) =
FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Street
Address: Convert LF to CR-LF'.
Active Directory PT: (if-op-attr 'streetAddress' changing) =
FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Convert
Login Allowed Time Map to logonHours form'.
Active Directory PT: (if-op-attr 'logonHours' changing) = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Add:
User - convert multi-valued Telephone to single value'.
Active Directory PT: (if-operation equal "add") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Strip
unwanted characters from userPrincipalName'.
Active Directory PT: (if-op-attr 'userPrincipalName' available) =
FALSE.
Active Directory PT: Rule rejected.
Active Directory PT: Evaluating selection criteria for rule 'Strip
unwanted characters from sAMAccountName'.
Active Directory PT: (if-op-attr 'sAMAccountName' available) =
FALSE.
Active Directory PT: Rule rejected.
Active Directory PT:Policy returned:
Active Directory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="warning">Code(-8015) Operation vetoed by
filter.</status>
</output>
</nds>
Active Directory PT:Applying XSLT policy: Time+Conversion.
Active Directory PT:Policy returned:
Active Directory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="warning">Code(-8015) Operation vetoed by
filter.</status>
</output>
</nds>
Active Directory PT:Applying policy: 'Email notifications for failed
password publications'.
Active Directory PT: Applying to status #1.
Active Directory PT: Evaluating selection criteria for rule 'Send
e-mail for a failed publish password operation'.
Active Directory PT: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = FALSE.
Active Directory PT: Rule rejected.
Active Directory PT:Policy returned:
Active Directory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="warning">Code(-8015) Operation vetoed by
filter.</status>
</output>
</nds>
Active Directory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="warning">Code(-8015) Operation vetoed by
filter.</status>
</output>
</nds>
Active Directory PT:Remote Interface Driver: Sending...
Active Directory PT:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="warning">Code(-8015) Operation vetoed by
filter.</status>
</output>
</nds>
Active Directory PT:Remote Interface Driver: Document sent.



Full Log is attached.

Thanks,
Steve


+----------------------------------------------------------------------+
|Filename: DSTRACE.LOG |
|Download: http://forums.novell.com/attachment....achmentid=2198 |
+----------------------------------------------------------------------+

--
Sricketts
------------------------------------------------------------------------
Sricketts's Profile: http://forums.novell.com/member.php?userid=2565
View this thread: http://forums.novell.com/showthread.php?t=357359