Environment
Novell NT Domain Driver
DirXML Password Synchronization
Novell Client 4.9 SP2 for Windows NT/2000/XP
Situation
When changing both the NT Domain and eDirectory password at the same time using the Novell Client version 4.90 SP2 or later on an NT or Active Directory workstation, a dialog appears stating that the NT Domain password was not synchronized because the old password was invalid. However, the password was changed on the NT Domain. Upon rebooting the workstation, the user can log in without any errors.
Resolution
There are several solutions to resolve this problem:
Solution #1
Since passwords are synchronized between eDirectory and the NT Domain via password sync, don't select both providers in the client password change dialogue. Select either to change the eDirectory password or the NT Domain password.
Solution #2 (only for IDM 2)
Create a policy on the Subscriber's Event Transformation (SET) that delays synchronization of passwords so that the NT Domain password is updated before password sync synchronizes the password from eDirectory to the NT Domain. The following is the XML representation of the policy:
<policy>
<rule>
<description>Delay when modification of nspmDistributionPassword</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-operation op="equal">modify</if-operation><if-op-attr name="nspmDistributionPassword" op="changing"/>
</and>
</conditions>
<actions>
<do-trace-message level="1">
<arg-string><token-text xml:space="preserve">Waiting 2 seconds....</token-text></arg-string>
</do-trace-message>
<do-set-local-variable name="DUMMY_VARIABLE">
<arg-string>
<token-xpath expression="javaThread:sleep(2000)"/></arg-string>
</do-set-local-variable>
<do-trace-message level="1">
<arg-string><token-text xml:space="preserve">Done waiting!</token-text></arg-string>
</do-trace-message>
</actions>
</rule>
</policy>
- View the driver's overview
- Click on the Subscriber's Event Transformation policy
- Click 'Insert'
- Enter a value for the 'Enter the name that will be used to for the new policy. ' field
- Click 'OK'
- Click 'Edit XML'
- Click 'Enable XML editing'
- Copy and paste the policy above into the 'XML Editor' (replacing what is currently there).
- Click 'OK'
- Click 'Close' (You may be prompted to restart the driver. Do so if you have already.)
Solution #3 (for IDM 3 or for the Active Directory Driver) - This solution adds a namespace declaration that is needed if you get errors with Solution #2
Create a style sheet on the Subscriber's Event Transformation (SET) that delays synchronization of passwords so that the NT Domain password is updated before password sync synchronizes the password from eDirectory to the NT Domain. To create the style sheet do the following:
- View the driver's overview
- Click on the Subscriber's Event Transformation policy
- Click 'Insert'
- Enter a value for the 'Enter the name that will be used to for the new policy. ' field
- Click on 'XSLT'
- Click 'OK'
- Click 'Enable XML editing'
- Add the following namespace
to the namespace declarations:
xmlns:wait="https://www.novell.com/nxsl/java/java.lang.Thread" - Copy and paste the following
template element beneath the line that states <!-- add your custom templates here -->:
<xsl:template match="modify-attr[@attr-name='nspmDistributionPassword']"><xsl:copy><xsl:message>Matched a modification of
nspmDistributionPassword. Sleeping for 2 seconds...</xsl:message><xsl:variable name="threadSleeper"
select="wait:sleep(2000)"/><xsl:message>done sleeping!</xsl:message><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template> - Click 'OK'
- Click 'Close' (You may be prompted to restart the driver. Do so if you have already.)
Additional Information
Formerly known as TID# 10095435