IDM3 AD<->eDir

Обсуждение технических вопросов по продуктам Novell под Linux, а также *nix систем

IDM3 AD<->eDir

Сообщение Gambler » 04 июл 2006, 14:51

Вобщем история такая:
Есть SLES+eDir+IDM3. Там настроен драйвер для AD. AD стоит на w2k3.
Между AD и Identity vault настроено SSL соединение. Синхронизируется всё что позволяет IDM3 в обе стороны включая пароли. Всё работает кроме одного: пароли из AD не переходят в eDir! :( . После создания юзера в AD юзер в eDir появляется с паролем @Dirxml1. Срабатывает полиси On User add, provide default password of @Dirxml1 if no password exists. На w2k3 сконфигурирован драйвер PassSync и Evetn Viewer говорит что пароли вроде как передаются в Dirxml драйвер. Где же может быть загвоздка? Ниже лог из Identity vault



AD : Remote Interface Driver: Received.
00:40:12 6A088BB0 Drvrs: AD :
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
</add>
</input>
</nds>
00:40:12 6A088BB0 Drvrs: AD : Remote Interface Driver: Received document for publisher channel
00:40:12 6A088BB0 Drvrs: AD : Remote Interface Driver: Waiting for receive...
00:40:12 65E80BB0 Drvrs: AD PT: Receiving DOM document from application.
00:40:12 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
</add>
</input>
</nds>
00:40:12 65E80BB0 Drvrs: AD PT: Applying input transformation policies.
00:40:12 65E80BB0 Drvrs: AD PT: Applying policy: 'Convert selected attributes to a form most commonly used in the Identity Vault.'.
00:40:12 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:12 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
00:40:12 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:12 65E80BB0 Drvrs: AD PT: Applying rule 'streetAddress: Convert CR-LF to LF'.
00:40:12 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
00:40:12 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
00:40:12 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:12 65E80BB0 Drvrs: AD PT: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
00:40:12 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
00:40:12 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
00:40:12 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:12 65E80BB0 Drvrs: AD PT: Applying rule 'accountExpires: Convert to Identity Vault time format'.
00:40:12 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
00:40:12 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
00:40:12 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:12 65E80BB0 Drvrs: AD PT: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
00:40:12 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
00:40:12 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:12 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
</add>
</input>
</nds>
00:40:12 65E80BB0 Drvrs: AD PT: Applying policy: 'Email notifications for failed password subscriptions'.
00:40:12 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:12 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
00:40:12 65E80BB0 Drvrs: AD PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
00:40:12 65E80BB0 Drvrs: AD PT: (if-operation equal "status") = FALSE.
00:40:12 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:12 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Manager data store password'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-operation equal "status") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
</add>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: Applying schema mapping policies to input.
00:40:13 65E80BB0 Drvrs: AD PT: Mapping class-name 'user' to 'User'.
00:40:13 65E80BB0 Drvrs: AD PT: Mapping attr-name 'dirxml-uACAccountDisable' to 'Login Disabled'.
00:40:13 65E80BB0 Drvrs: AD PT: Mapping attr-name 'displayName' to 'Full Name'.
00:40:13 65E80BB0 Drvrs: AD PT: Mapping attr-name 'givenName' to 'Given Name'.
00:40:13 65E80BB0 Drvrs: AD PT: Mapping attr-name 'sAMAccountName' to 'DirXML-ADAliasName'.
00:40:13 65E80BB0 Drvrs: AD PT: Resolving association references.
00:40:13 65E80BB0 Drvrs: AD PT: Applying event transformation policies.
00:40:13 65E80BB0 Drvrs: AD PT: Applying policy: Event Transform.
00:40:13 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'setup for move validation'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-operation equal "move") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'setup for rename validation'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-operation equal "move") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'move or rename validation'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-local-variable 'cached-object-value' match ".*") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'move or rename cached context update'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-local-variable 'cached-object-value' match ".*") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
</add>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: No associated objects.
00:40:13 65E80BB0 Drvrs: AD PT: Applying publisher filter.
00:40:13 65E80BB0 Drvrs: AD PT: Publisher processing add for CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv.
00:40:13 65E80BB0 Drvrs: AD PT: Applying object matching policies.
00:40:13 65E80BB0 Drvrs: AD PT: Applying policy: 'Find a matching unassociated object in the Identity Vault.'.
00:40:13 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'remember relative position in hierarchy'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-src-dn in-subtree "CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'remember relative position in hierarchy'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-set-op-property("unmatched-src-dn",token-unmatched-src-dn(convert="true")).
00:40:13 65E80BB0 Drvrs: AD PT: arg-string(token-unmatched-src-dn(convert="true"))
00:40:13 65E80BB0 Drvrs: AD PT: token-unmatched-src-dn(convert="true")
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'veto out-of-scope events'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-op-property 'unmatched-src-dn' not-available) = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'match users based on NT logon name'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-global-variable 'LogonNameMap' equal "true") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'match users based on NT logon name'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-find-matching-object(scope="subtree",arg-dn("ic_temp"),arg-match-attr("CN",token-attr("DirXML-ADAliasName"))).
00:40:13 65E80BB0 Drvrs: AD PT: arg-dn("ic_temp")
00:40:13 65E80BB0 Drvrs: AD PT: token-text("ic_temp")
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "ic_temp".
00:40:13 65E80BB0 Drvrs: AD PT: arg-match-attr("CN",token-attr("DirXML-ADAliasName"))
00:40:13 65E80BB0 Drvrs: AD PT: arg-string(token-attr("DirXML-ADAliasName"))
00:40:13 65E80BB0 Drvrs: AD PT: token-attr("DirXML-ADAliasName")
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Query from policy
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query>
<search>
<search>
<value>test</value>
</search>
<read>
</query>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: Pumping XDS to eDirectory.
00:40:13 65E80BB0 Drvrs: AD PT: Performing operation query for ic_temp.
00:40:13 65E80BB0 Drvrs: AD PT: Query from policy result
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status></status>
</output>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: No matches found.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'match users based on full name'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-global-variable 'FullNameMap' equal "true") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'match users based on full name'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-find-matching-object(scope="subordinates",arg-dn("ic_temp"+"\"+token-parse-dn(dest-dn-format="dest-dn",length="-2",token-op-property("unmatched-src-dn"))),arg-match-attr("Full Name",token-src-name())).
00:40:13 65E80BB0 Drvrs: AD PT: arg-dn("ic_temp"+"\"+token-parse-dn(dest-dn-format="dest-dn",length="-2",token-op-property("unmatched-src-dn")))
00:40:13 65E80BB0 Drvrs: AD PT: token-text("ic_temp")
00:40:13 65E80BB0 Drvrs: AD PT: token-text("\")
00:40:13 65E80BB0 Drvrs: AD PT: token-parse-dn(dest-dn-format="dest-dn",length="-2",token-op-property("unmatched-src-dn"))
00:40:13 65E80BB0 Drvrs: AD PT: token-parse-dn(dest-dn-format="dest-dn",length="-2",token-op-property("unmatched-src-dn"))
00:40:13 65E80BB0 Drvrs: AD PT: token-op-property("unmatched-src-dn")
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "ic_temp\".
00:40:13 65E80BB0 Drvrs: AD PT: arg-match-attr("Full Name",token-src-name())
00:40:13 65E80BB0 Drvrs: AD PT: arg-string(token-src-name())
00:40:13 65E80BB0 Drvrs: AD PT: token-src-name()
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Query from policy
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query>
<search>
<search>
<value>test</value>
</search>
<read>
</query>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: Pumping XDS to eDirectory.
00:40:13 65E80BB0 Drvrs: AD PT: Performing operation query for ic_temp\.
00:40:13 65E80BB0 Drvrs: AD PT: Query from policy result
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status></status>
</output>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: No matches found.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'match everything else'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name not-equal "User") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<operation>
</add>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: No match found.
00:40:13 65E80BB0 Drvrs: AD PT: Applying object creation policies.
00:40:13 65E80BB0 Drvrs: AD PT: Applying policy: Creation.
00:40:13 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'add attributes for all objects'.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'add attributes for all objects'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-add-dest-attr-value("Object Class","DirXML-ApplicationAttrs").
00:40:13 65E80BB0 Drvrs: AD PT: arg-string("DirXML-ApplicationAttrs")
00:40:13 65E80BB0 Drvrs: AD PT: token-text("DirXML-ApplicationAttrs")
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "DirXML-ApplicationAttrs".
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-set-dest-attr-value("DirXML-ADContext",token-src-dn()).
00:40:13 65E80BB0 Drvrs: AD PT: arg-string(token-src-dn())
00:40:13 65E80BB0 Drvrs: AD PT: token-src-dn()
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv".
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'add attributes for user objects'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'add attributes for user objects'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-set-default-attr-value("Surname","UNKNOWN").
00:40:13 65E80BB0 Drvrs: AD PT: arg-string("UNKNOWN")
00:40:13 65E80BB0 Drvrs: AD PT: token-text("UNKNOWN")
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "UNKNOWN".
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'set user default password'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-password not-available) = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-op-attr 'Surname' available) = TRUE.
07/04/2006
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'set user default password'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-set-dest-password("-- suppressed --").
00:40:13 65E80BB0 Drvrs: AD PT: arg-string("-- suppressed --")
00:40:13 65E80BB0 Drvrs: AD PT: token-text("-- suppressed --")
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "-- suppressed --".
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-global-variable 'UpnMap' equal "ad-mail-auth") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:13 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: Applying object placement policies.
00:40:13 65E80BB0 Drvrs: AD PT: Applying policy: Placement.
00:40:13 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'placement for all objects'.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'placement for all objects'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-set-op-dest-dn(arg-dn("ic_temp"+"\"+token-op-property("unmatched-src-dn"))).
00:40:13 65E80BB0 Drvrs: AD PT: arg-dn("ic_temp"+"\"+token-op-property("unmatched-src-dn"))
00:40:13 65E80BB0 Drvrs: AD PT: token-text("ic_temp")
00:40:13 65E80BB0 Drvrs: AD PT: token-text("\")
00:40:13 65E80BB0 Drvrs: AD PT: token-op-property("unmatched-src-dn")
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "ic_temp\test".
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'optional logon name mapping'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-global-variable 'LogonNameMap' equal "true") = TRUE.
00:40:13 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:13 65E80BB0 Drvrs: AD PT: Applying rule 'optional logon name mapping'.
00:40:13 65E80BB0 Drvrs: AD PT: Action: do-set-op-dest-dn(arg-dn(token-dest-dn(length="-2")+"\"+token-escape-for-dest-dn(token-attr("DirXML-ADAliasName")))).
00:40:13 65E80BB0 Drvrs: AD PT: arg-dn(token-dest-dn(length="-2")+"\"+token-escape-for-dest-dn(token-attr("DirXML-ADAliasName")))
00:40:13 65E80BB0 Drvrs: AD PT: token-dest-dn(length="-2")
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "ic_temp".
00:40:13 65E80BB0 Drvrs: AD PT: token-text("\")
00:40:13 65E80BB0 Drvrs: AD PT: token-escape-for-dest-dn(token-attr("DirXML-ADAliasName"))
00:40:13 65E80BB0 Drvrs: AD PT: token-escape-for-dest-dn(token-attr("DirXML-ADAliasName"))
00:40:13 65E80BB0 Drvrs: AD PT: token-attr("DirXML-ADAliasName")
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Token Value: "test".
00:40:13 65E80BB0 Drvrs: AD PT: Arg Value: "ic_temp\test".
00:40:13 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:13 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:13 65E80BB0 Drvrs: AD PT: Found non-class attribute DirXML-ADAliasName.
00:40:13 65E80BB0 Drvrs: AD PT: Found non-class attribute DirXML-ADContext.
00:40:13 65E80BB0 Drvrs: AD PT: Applying command transformation policies.
00:40:13 65E80BB0 Drvrs: AD PT: Applying policy: 'A set of rules that implement the user name mapping options'.
00:40:13 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:13 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'consider user objects when name mapping is enabled'.
00:40:13 65E80BB0 Drvrs: AD PT: (if-class-name not-equal "User") = FALSE.
00:40:13 65E80BB0 Drvrs: AD PT: (if-global-variable 'FullNameMap' equal "false") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'full name mapping: discard unwanted renames'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'FullNameMap' equal "true") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "rename") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'logon name mapping: map NT logon name to Identity Vault object name'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'LogonNameMap' equal "true") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "modify") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying policy: Command Transform.
00:40:14 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'set cached context value on merge'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "modify") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Set Equivalent To Me when adding object to a group'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-class-name equal "Group") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Remove Equivalent To Me when removing object from a group'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-class-name equal "Group") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'remove managed attributes when object disassociated'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "remove-association") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying XSLT policy.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying policy: Password(Pub)-Default Password Policy.
00:40:14 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-password not-available) = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying policy: 'Publish Passwords'.
00:40:14 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Block publishing passwords to Identity Manager data store when adding a object'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the Identity Manager data store'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'enable-password-publish' equal "false") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying policy: 'Publish passwords to NMAS distribution password'.
00:40:14 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Add nspmDistributionAttribute attribute to add operation'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'publish-password-to-dp' equal "true") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-password available) = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:14 65E80BB0 Drvrs: AD PT: Applying rule 'Add nspmDistributionAttribute attribute to add operation'.
00:40:14 65E80BB0 Drvrs: AD PT: Action: do-add-dest-attr-value("nspmDistributionPassword",token-password()).
00:40:14 65E80BB0 Drvrs: AD PT: arg-string(token-password())
00:40:14 65E80BB0 Drvrs: AD PT: token-password()
00:40:14 65E80BB0 Drvrs: AD PT: Token Value: "-- suppressed --".
00:40:14 65E80BB0 Drvrs: AD PT: Arg Value: "-- suppressed --".
00:40:14 65E80BB0 Drvrs: AD PT: Action: do-set-xml-attr("enforce-password-policy","add-attr[@attr-name = 'nspmDistributionPassword'][last()]",token-global-variable("enforce-password-policy")).
00:40:14 65E80BB0 Drvrs: AD PT: arg-string(token-global-variable("enforce-password-policy"))
00:40:14 65E80BB0 Drvrs: AD PT: token-global-variable("enforce-password-policy")
00:40:14 65E80BB0 Drvrs: AD PT: Token Value: "false".
00:40:14 65E80BB0 Drvrs: AD PT: Arg Value: "false".
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Change modify-password operations to a modify'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'publish-password-to-dp' equal "true") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "modify-password") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<add><content>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying policy: 'Publish passwords to NDS password.'.
00:40:14 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Block publishing passwords to NDS password'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Block sending modify-password changes to the NDS password'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-global-variable 'publish-password-to-nds' equal "false") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<add><content>
</add>
<password><content></password>
<operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Applying policy: 'Publish password payloads'.
00:40:14 65E80BB0 Drvrs: AD PT: Applying to add #1.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Add operation-data element to password operations'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-password available) = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-xpath not-true "operation-data") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-xpath true "add-attr[@attr-name='nspmDistributionPassword']") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-xpath not-true "operation-data") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "modify-password") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "modify") = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Add payload data to password operations'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-password available) = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:14 65E80BB0 Drvrs: AD PT: Applying rule 'Add payload data to password operations'.
00:40:14 65E80BB0 Drvrs: AD PT: Action: do-append-xml-element("password-publish-status","operation-data").
00:40:14 65E80BB0 Drvrs: AD PT: Action: do-append-xml-element("association","operation-data/password-publish-status").
00:40:14 65E80BB0 Drvrs: AD PT: Action: do-append-xml-text("operation-data/password-publish-status/association",token-association()).
00:40:14 65E80BB0 Drvrs: AD PT: arg-string(token-association())
00:40:14 65E80BB0 Drvrs: AD PT: token-association()
00:40:14 65E80BB0 Drvrs: AD PT: Token Value: "86b728bfa21f6946ad655aaa8061836f".
00:40:14 65E80BB0 Drvrs: AD PT: Arg Value: "86b728bfa21f6946ad655aaa8061836f".
00:40:14 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:14 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add>
<association>86b728bfa21f6946ad655aaa8061836f</association>
<add>
<value>false</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>test</value>
</add>
<add>
<value>DirXML-ApplicationAttrs</value>
</add>
<add>
<value>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv</value>
</add>
<add>
<value>UNKNOWN</value>
</add>
<add><content>
</add>
<password><content></password>
<operation>
<password>
<association>86b728bfa21f6946ad655aaa8061836f</association>
</password>
</operation>
</add>
</input>
</nds>
00:40:14 65E80BB0 Drvrs: AD PT: Filtering out notification-only attributes.
00:40:14 65E80BB0 Drvrs: AD PT: Pumping XDS to eDirectory.
00:40:14 65E80BB0 Drvrs: AD PT: Performing operation add for ic_temp\test.
00:40:14 65E80BB0 Drvrs: AD PT: Adding entry ic_temp\test.
00:40:14 65E80BB0 Drvrs: AD PT: Creating RDN test in context ic_temp.
00:40:14 65E80BB0 Drvrs: AD PT: Setting initial password.
00:40:14 65E80BB0 NMAS: NMAS Audit 0x29006f logged
00:40:14 65E80BB0 NMAS: NMAS Audit 0x29006a logged
00:40:15 61AD5BB0 Drvrs: UserApplication ST:
DirXML Log Event -------------------
Driver: \IEM_TEMP\ic_temp\Driver Set\UserApplication
Channel: Subscriber
Object: \IEM_TEMP\ic_temp\test
Status: Success
00:40:15 65E80BB0 NMAS: spmAgentSetPassword success
00:40:15 65E80BB0 NMAS: NMAS Audit 0x29006a logged
00:40:15 65E80BB0 NMAS: spmDistSetPassword success
00:40:15 65E80BB0 Drvrs: AD PT:
DirXML Log Event -------------------
Driver: \IEM_TEMP\ic_temp\Driver Set\Active Directory
Channel: Publisher
Object: CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv (ic_temp\test)
Status: Success
00:40:15 65E80BB0 Drvrs: AD PT: Fixing up association references.
00:40:15 65E80BB0 Drvrs: AD PT: Applying schema mapping policies to output.
00:40:15 65E80BB0 Drvrs: AD PT: Applying output transformation policies.
00:40:15 65E80BB0 Drvrs: AD PT: Applying policy: 'Convert selected attributes to a form most commonly used in Active Directory.'.
00:40:15 65E80BB0 Drvrs: AD PT: Applying to status #1.
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Street Address: Convert LF to CR-LF'.
00:40:15 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:15 65E80BB0 Drvrs: AD PT: Applying rule 'Street Address: Convert LF to CR-LF'.
00:40:15 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("streetAddress",token-replace-all("[^\r]\n","\r\n",token-local-variable("current-value"))).
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'logonHours: Convert to Active Directory form'.
00:40:15 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:15 65E80BB0 Drvrs: AD PT: Applying rule 'logonHours: Convert to Active Directory form'.
00:40:15 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2ADLenient($current-value)")).
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'accountExpires: Convert to Active Directory form'.
00:40:15 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:15 65E80BB0 Drvrs: AD PT: Applying rule 'accountExpires: Convert to Active Directory form'.
00:40:15 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
00:40:15 65E80BB0 Drvrs: AD PT: Rule selected.
00:40:15 65E80BB0 Drvrs: AD PT: Applying rule 'lockoutTime: Convert to Active Directory form'.
00:40:15 65E80BB0 Drvrs: AD PT: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Add: User - convert multi-valued Telephone to single value'.
00:40:15 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = FALSE.
00:40:15 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'update Active Directory logon name'.
00:40:15 65E80BB0 Drvrs: AD PT: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
00:40:15 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:15 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:15 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status><operation>
<password>
<association>86b728bfa21f6946ad655aaa8061836f</association>
</password>
</operation>
<application>DirXML</application>
<module>Active Directory</module>
<object>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv (ic_temp\test)</object>
<component>Publisher</component>
</status>
</output>
</nds>
00:40:15 65E80BB0 Drvrs: AD PT: Applying policy: 'Email notifications for failed password publications'.
00:40:15 65E80BB0 Drvrs: AD PT: Applying to status #1.
00:40:15 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'Send e-mail for a failed publish password operation'.
00:40:15 65E80BB0 Drvrs: AD PT: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = TRUE.
00:40:15 65E80BB0 Drvrs: AD PT: (if-operation equal "status") = TRUE.
00:40:15 65E80BB0 Drvrs: AD PT: (if-xpath true "self::status[@level != 'success']/operation-data/password-publish-status") = FALSE.
00:40:15 65E80BB0 Drvrs: AD PT: Rule rejected.
00:40:15 65E80BB0 Drvrs: AD PT: Policy returned:
00:40:15 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status><operation>
<password>
<association>86b728bfa21f6946ad655aaa8061836f</association>
</password>
</operation>
<application>DirXML</application>
<module>Active Directory</module>
<object>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv (ic_temp\test)</object>
<component>Publisher</component>
</status>
</output>
</nds>
00:40:15 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status><operation>
<password>
<association>86b728bfa21f6946ad655aaa8061836f</association>
</password>
</operation>
<application>DirXML</application>
<module>Active Directory</module>
<object>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv (ic_temp\test)</object>
<component>Publisher</component>
</status>
</output>
</nds>
00:40:15 65E80BB0 Drvrs: AD PT: Remote Interface Driver: Sending...
00:40:15 65E80BB0 Drvrs: AD PT:
<nds>
<source>
<product>DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status><operation>
<password>
<association>86b728bfa21f6946ad655aaa8061836f</association>
</password>
</operation>
<application>DirXML</application>
<module>Active Directory</module>
<object>CN=test,CN=Users,DC=adtest,DC=ic,DC=iem,DC=gov,DC=lv (ic_temp\test)</object>
<component>Publisher</component>
</status>
</output>
</nds>
00:40:15 65E80BB0 Drvrs: AD PT: Remote Interface Driver: Document sent.
Gambler
 
Сообщения: 18
Зарегистрирован: 24 мар 2006, 17:32

Re: IDM3 AD<->eDir

Сообщение Damm » 20 авг 2006, 00:13

Gambler писал(а):Срабатывает полиси On User add, provide default password of @Dirxml1 if no password exists.


как раз не срабатывает:

00:40:14 65E80BB0 Drvrs: AD PT: Evaluating selection criteria for rule 'On User add, provide default password of @Dirxml1 if no password exists'.
00:40:14 65E80BB0 Drvrs: AD PT: (if-operation equal "add") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-class-name equal "User") = TRUE.
00:40:14 65E80BB0 Drvrs: AD PT: (if-password not-available) = FALSE.
00:40:14 65E80BB0 Drvrs: AD PT: Rule rejected

вроде судя по логу пароль протаскивается нонрмально и NMAS его принимает (хотя можно для очистки совести проверить требования к UP и удовлетворяет ли им пароль из AD)

наставьте trace message во все полиси, просто печатайте открытым текстом nspmDistributionPassword - станет видно передается ли он, где теряется и пр.
CLP10
Аватара пользователя
Damm
 
Сообщения: 135
Зарегистрирован: 18 май 2004, 02:19
Откуда: SE9


Вернуться в *nix

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 5