Environment
Novell Identity Manager Driver - Active Directory
Novell Identity Manager - Password Synchronization
Novell Identity Manager 4.6.x
Novell Identity Manager 4.5.x
Novell Identity Manager 3.6.1
Novell Identity Manager 3.5.1
Situation
Synchronizing passwords from Microsoft Active Directory (MAD) to eDirectory fails with error 5 (PassSyncCache::StorePwdInfo() returned 0x00000005) when using a Service Account instead of a Domain Administrator on the AD Driver.
A level 5 trace on the remote loader shows the following error:
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] PassSyncCache::StorePwdInfo()
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - open the cache.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - acquire the mutex.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - mutex acquired.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - enumindex 0.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - create the entry MC8314.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - an error occurred ... delete this entry.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - release the mutex.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - mutex released.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - close the cache
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] PassSyncCache::StorePwdInfo() returned 0x00000005
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD] PassSyncPassword() returned 0x00000005
Resolution
Assign the AD Service account read, write, delete, and inheritance rights on the PassSync registry key "HKLM\SOFTWARE\Novell\PwFilter\Data\" on the Remote Loader. This allows the Remote Loader to read password changes, which are stored under the HKLM\SOFTWARE\Novell\PwFilter\Data\'Username' key for each user who has changed their password.
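
One way to apply the rights described above from an elevated PowerShell session on the Remote Loader host (an added example, not from the original article or from Novell). The account name EXAMPLE\svc-idm-ad is a placeholder, and mapping "read, write, delete, and inheritance" to ReadKey, WriteKey and Delete with container inheritance is an assumption. The 0x00000005 return value is consistent with Win32 error 5, access denied.

```powershell
# Added example: grant the AD driver's service account the rights named in the
# Resolution on the PassSync key only, instead of running as Domain Administrator.
# Assumption: placeholder account name; replace with the real service account.
$Account = 'EXAMPLE\svc-idm-ad'
$KeyPath = 'HKLM:\SOFTWARE\Novell\PwFilter\Data'

if (-not (Test-Path -Path $KeyPath)) {
    throw "Registry key $KeyPath not found. Is the password filter installed on this host?"
}

# Assumption: "read, write, delete" mapped to these RegistryRights flags.
$rights = [System.Security.AccessControl.RegistryRights]'ReadKey, WriteKey, Delete'

# ContainerInherit makes the ACE apply to the per-user subkeys
# (Data\<Username>) that are created when a password changes.
$inherit   = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$type      = [System.Security.AccessControl.AccessControlType]::Allow

$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $Account, $rights, $inherit, $propagate, $type)

# Add the ACE to the existing ACL rather than replacing it, so the
# entries already present on the key are preserved.
$acl = Get-Acl -Path $KeyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $KeyPath -AclObject $acl

# Verify: list the ACEs now held by the service account on the key.
$granted = (Get-Acl -Path $KeyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account }

if (-not $granted) {
    throw "No ACE for $Account found on $KeyPath after Set-Acl."
}

$granted | Format-List IdentityReference, RegistryRights,
    AccessControlType, InheritanceFlags, IsInherited
```

After applying the ACE, trigger a test password change and confirm that the level 5 trace no longer shows StorePwdInfo() returning 0x00000005.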