Environment
Situation
When synchronizing passwords from connected systems, the server where IDM is installed holds a filtered replica of the user receiving the password change. An IDM trace shows the following error while setting the password on eDirectory:
DirXML Log Event
-------------------
Driver: \LAB-TREE\nts\driverset\labdriver
Channel: Publisher
Object: \LAB-TREE\nts\users\user0001 (nts\users\user0001)
Status: Warning
Message: Code(-8021) Unable to set NMAS password, -779 ERR_CANNOT_GO_REMOTE.
Resolution
The filtered replica needs to have all the attributes used for setting the NMAS password, as well as the classes ndsLoginProperties and ndsContainerLoginProperties, listed on the filter for the synchronization to be successful. The attributes needed under the User class for the password to be properly set are:
Private Key
Public Key
SAS:Login Configuration
SAS:Login Configuration Key
SAS:Login Secret
SAS:Login Secret Key
nsimHint
nsimPasswordReminder
nspmAdministratorChangeCount
nspmDistributionPassword
nspmDoNotExpirePassword
nspmPassword
nspmPasswordHistory
nspmPasswordKey
nspmPasswordPolicyDN
nspmPreviousDistributionPassword
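
The following Python is an added example, not part of the original article or of any vendor tooling. It finds the -8021 / ERR_CANNOT_GO_REMOTE events in a trace and reports which of the classes and User attributes listed above are absent from a replica filter. The function names and the filter's shape (a dict transcribed by hand from the filter configuration) are assumptions, and names are compared case-insensitively.

```python
import re
# Attributes the page lists under the User class.
REQUIRED_USER_ATTRS = [
    "Private Key", "Public Key", "SAS:Login Configuration",
    "SAS:Login Configuration Key", "SAS:Login Secret", "SAS:Login Secret Key",
    "nsimHint", "nsimPasswordReminder", "nspmAdministratorChangeCount",
    "nspmDistributionPassword", "nspmDoNotExpirePassword", "nspmPassword",
    "nspmPasswordHistory", "nspmPasswordKey", "nspmPasswordPolicyDN",
    "nspmPreviousDistributionPassword",
]
# Classes the page says must also be listed on the filter.
REQUIRED_CLASSES = ["ndsLoginProperties", "ndsContainerLoginProperties"]

def affected_objects(trace_text):
    """Return (driver, object) for each -8021 / ERR_CANNOT_GO_REMOTE event."""
    hits = []
    for block in trace_text.split("DirXML Log Event")[1:]:
        if "Code(-8021)" not in block or "ERR_CANNOT_GO_REMOTE" not in block:
            continue  # some other event, not the failure described above
        driver = re.search(r"Driver:\s*(\S+)", block)
        obj = re.search(r"Object:\s*(\S+)", block)
        hits.append((driver.group(1) if driver else None,
                     obj.group(1) if obj else None))
    return hits

def filter_gaps(replica_filter):
    """replica_filter: {class name: [attribute names]} (assumed shape)."""
    classes = {c.lower(): {a.lower() for a in attrs}
               for c, attrs in replica_filter.items()}
    user = classes.get("user", set())
    return {
        "missing_classes": [c for c in REQUIRED_CLASSES if c.lower() not in classes],
        "missing_user_attrs": [a for a in REQUIRED_USER_ATTRS if a.lower() not in user],
    }
# Constructed samples: the event from this page and a deliberately incomplete filter.
SAMPLE_TRACE = r"""
DirXML Log Event
-------------------
Driver: \LAB-TREE\nts\driverset\labdriver
Channel: Publisher
Object: \LAB-TREE\nts\users\user0001 (nts\users\user0001)
Status: Warning
Message: Code(-8021) Unable to set NMAS password, -779 ERR_CANNOT_GO_REMOTE.
"""
SAMPLE_FILTER = {"User": ["Private Key", "Public Key", "nspmPassword"],
                 "ndsLoginProperties": []}
if __name__ == "__main__":
    print(affected_objects(SAMPLE_TRACE))
    print(filter_gaps(SAMPLE_FILTER))
```

An empty result for both keys means the filter covers everything the Resolution lists.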