Environment
Novell eDirectory 8.7.3.7
Novell Identity Manager 3.0
Novell Identity Manager 3.0 eDirectory Driver
Novell Password Synchronization 2.0
Situation
Anytime a user changed his password on the source tree,
the password was not changed in the Identity Vault (destination)
Tree. The IDM trace show:
DirXML Log Event -------------------
Driver: \NOVELL-LAB-PROD\IDM\IDM-DriverSet\eDir2eDir
Channel: Publisher
Object: \NOVELL-LAB-IDV\IDM\idmtest (\NOVELL-LAB-IDV\IDM\idmtest)
Status: Warning
Message: Code(-8021) Unable to set NMAS password, -222.
Driver: \NOVELL-LAB-PROD\IDM\IDM-DriverSet\eDir2eDir
Channel: Publisher
Object: \NOVELL-LAB-IDV\IDM\idmtest (\NOVELL-LAB-IDV\IDM\idmtest)
Status: Warning
Message: Code(-8021) Unable to set NMAS password, -222.
Resolution
The Universal Password policy (in the destination tree) has to
have the option "Allow User to Initiate the password change" set to
true, for the driver to be able to change the user's
password.
Additional Information
The error -222 in eDirectory context means BAD PASSWORD, and can be
caused by several different issues. Besides the resolution above,
if you are using Universal Passwords make sure that the SDI
keys are working properly on them and that you can change the
password properly on both Trees.