Sync password in Identity Manager if Universal password is not set

Posted on 2007-07-19
Medium Priority
Last Modified: 2008-01-09
I am currently syncing Edir--->AD currently if a user does not have a Universal Password set then the user is not synced with AD this is by default.  What I would like to do is sync the user but instead of saying if Universal password is not set then VETO I would like to say if universal password is not set then set password in AD to Surname that way the user is created in AD so i can changes its groups and have the users to modify in AD but then when a user logs into a Novell client there password will be updated to universal password and then synced later on.  Is this possible and how?
Question by:JRose628
  • 3
LVL 19

Expert Comment

ID: 19529504
That's interesting... have you modified the default configuration? A fresh eDir->AD driver should sync the user, universal password or not. If there's no UP available it by default sets their password to dirxml1.

Have you got a rule somewhere which says "if source attribute nspmdistributionpassword not available do veto"? If so all you need to do is change to to "if source attribute nspmdistributionpassword not available, set destination attribute password to source attribute surname".
LVL 19

Expert Comment

ID: 19529534
Actually, I'll just mention this in case you're going bidirectional..

It's always a VERY GOOD IDEA to switch off ALL password policies on your Windows DC and let eDir be authorative on complexity policies, expiry etc. I remember when I did my first IDM2 implementation, when users started syncing with AD it decided their passwords weren't compliant, disabled their AD accounts and set their passwords to their surname, subsequently bouncing that change back to eDirectory!

Fortunately I had a very recent Portlock of a root server with all partitions configured in a test lab, so was able to quickly knock up an eDir->eDir driver and do a force sync of passwords only to put things back to rights.

Just one of those little gotchas that's worth bearing in mind, as IDM configured incorrectly can do a lot of damage very quickly indeed.

Author Comment

ID: 19535102
Bty default in 3.5 this is set in the Creation Policy

If nspmDistributionPassword is not set then VETO

This is only a EDir---> AD setup.  
LVL 19

Accepted Solution

alextoft earned 1500 total points
ID: 19537493
Ok, not deployed 3.5 yet so that must be new.

In that case, just change the action of that rule to set the destination password to the source user's surname.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech giants such as Amazon and Google have sold Alexa and Echo to such an extent that they have become household names. And soon they are expected to be used by commoners in their homes, ordering takeout, picking out a song, answering trivia questio…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses
Course of the Month14 days, 5 hours left to enroll

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question