Driver fails to start with error mentioning non-empty driver object password.

  • 3047301
  • 01-Nov-2006
  • 05-Jun-2014

Environment

NetIQ Identity Manager
NetIQ Identity Manager Driver

Situation

Driver will not start. Error from the driver shows, "Unable to validate that there is a non-empty driver object password (a Publisher-channel Policy may be incorrect)" but the Driver Object password is set properly on the driver and the remote loader.

Resolution

The driver has been customized with a rule in a policy on the Publisher channel that is causing a veto of the driver-start event. The initial event must be let through or the engine does not know that the connection to the Remote Loader and shim is established completely. The rule performing the veto should be limited to objects of a certain class or meeting certain other conditions. Often this can be limited to making sure the operation to be vetoed is either an add, modify, modify-password, modify-attribute, delete, or rename.

The other possibility for receiving this error is that the driver in question does not have the proper Security Equivalence set.  Normally this is set to an administrative user who has rights to the needed objects.  Verify this is the case and restart the driver.

Additional Information

< error>
Active Directory Driver PT:
DirXML Log Event -------------------
Driver: \TREE\CONTEXT\TO\DRIVERSET\Active Directory Driver
Channel: Publisher
Status: Fatal
Message: Unable to validate that there is a non-empty driver object password (a Publisher-channel Policy may be incorrect)

Feedback service temporarily unavailable. For content questions or problems, please contact Support.