Environment
NetIQ Identity Manager
NetIQ Identity Manager Driver
NetIQ Identity Manager Driver
Situation
Driver will not start. Error from the driver shows, "Unable
to validate that there is a non-empty driver object password (a
Publisher-channel Policy may be incorrect)" but the Driver Object
password is set properly on the driver and the remote loader.
Resolution
The driver has been customized with a rule in a policy on
the Publisher channel that is causing a veto of the driver-start
event. The initial event must be let through or the engine
does not know that the connection to the Remote Loader and shim is
established completely. The rule performing the veto should
be limited to objects of a certain class or meeting certain other
conditions. Often this can be limited to making sure the
operation to be vetoed is either an add, modify, modify-password,
modify-attribute, delete, or rename.
The other possibility for receiving this error is that the driver in question does not have the proper Security Equivalence set. Normally this is set to an administrative user who has rights to the needed objects. Verify this is the case and restart the driver.
The other possibility for receiving this error is that the driver in question does not have the proper Security Equivalence set. Normally this is set to an administrative user who has rights to the needed objects. Verify this is the case and restart the driver.
Additional Information
<
error>
Active Directory Driver PT:
DirXML Log Event -------------------
Driver: \TREE\CONTEXT\TO\DRIVERSET\Active Directory Driver
Channel: Publisher
Status: Fatal
Message: Unable to validate that there is a non-empty driver object password (a Publisher-channel Policy may be incorrect)
Active Directory Driver PT:
DirXML Log Event -------------------
Driver: \TREE\CONTEXT\TO\DRIVERSET\Active Directory Driver
Channel: Publisher
Status: Fatal
Message: Unable to validate that there is a non-empty driver object password (a Publisher-channel Policy may be incorrect)