Syncing Passwords from Active Directory to eDirectory with Service Account does not work

  • 7005798
  • 20-Apr-2010
  • 21-Dec-2017

Environment

Novell Identity Manager Driver - Active Directory
Novell Identity Manager - Password Synchronization
Novell Identity Manager 4.6.x
Novell Identity Manager 4.5.x
Novell Identity Manager 3.6.1
Novell Identity Manager 3.5.1

Situation

Synchronizing passwords from Microsoft Active Directory (MAD) to eDirectory fails with error 5 (PassSyncCache::StorePwdInfo() returned 0x00000005) when using a Service Account instead of a Domain Administrator on the AD Driver.

A level 5 trace on the remote loader shows the following error:

DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] PassSyncCache::StorePwdInfo()
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - open the cache.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - acquire the mutex.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - mutex acquired.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - enumindex 0.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - create the entry MC8314.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - an error occurred ... delete this entry.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - release the mutex.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - mutex released.
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] StorePwdInfo() - close the cache
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD 4396] PassSyncCache::StorePwdInfo() returned 0x00000005
DirXML: [03/27/10 18:19:22.19]: ADDriver: [PWD] PassSyncPassword() returned 0x00000005


Resolution

Assign the AD driver service account read, write, delete, and inheritance rights on the PassSync registry key "HKLM\SOFTWARE\Novell\PwFilter\Data\" on the Remote Loader host. This allows the Remote Loader to read the password changes that the password filter stores under a per-user subkey, HKLM\SOFTWARE\Novell\PwFilter\Data\'Username', for each user whose password has changed.
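Win32 error 5 is ERROR_ACCESS_DENIED, which matches the symptom above: the filter's StorePwdInfo() cannot create the per-user entry under the Data key because the service account lacks rights on it. The following PowerShell is an added example, not part of this TID or of the Identity Manager product, showing one way to grant exactly the rights the Resolution lists (read, write, delete, inherited to the per-user subkeys) and then verify them. The account name CONTOSO\svc-idm-ad is a placeholder; run the script elevated on the Remote Loader host and substitute the real service account.

```powershell
# Added example (not from the TID): grant the AD driver service account the
# rights described in the Resolution on the PwFilter cache key, scoped to that
# one account rather than to a broad group such as Everyone or Users.
# Assumptions: the key already exists (the password filter creates it), and the
# service account name below is a placeholder to be replaced.

$ServiceAccount = 'CONTOSO\svc-idm-ad'               # placeholder account
$KeyPath        = 'HKLM:\SOFTWARE\Novell\PwFilter\Data'  # key named in the TID

function Grant-PwFilterCacheAccess {
    param(
        [Parameter(Mandatory)] [string] $Account,
        [string] $Path = $KeyPath
    )

    if (-not (Test-Path -Path $Path)) {
        throw "Registry key $Path does not exist on this host; do not create it by hand."
    }

    # Read + write + delete as named in the TID, expressed as RegistryRights.
    # SetValue/CreateSubKey cover "write" (the filter writes a subkey per user),
    # Delete covers removal of a user's entry once it has been consumed.
    $rights = [System.Security.AccessControl.RegistryRights]::ReadKey -bor
              [System.Security.AccessControl.RegistryRights]::SetValue -bor
              [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
              [System.Security.AccessControl.RegistryRights]::Delete

    # ContainerInherit = the rule is inherited by the per-user subkeys
    # (HKLM\SOFTWARE\Novell\PwFilter\Data\<Username>), which is the
    # "inheritance" part of the Resolution.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Account,
        $rights,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow
    )

    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Test-PwFilterCacheAccess {
    param(
        [Parameter(Mandatory)] [string] $Account,
        [string] $Path = $KeyPath
    )

    # Return the Allow ACEs that apply to the account so an operator can confirm
    # the rights and the inheritance flag before restarting the Remote Loader.
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.IdentityReference.Value -eq $Account -and
            $_.AccessControlType -eq 'Allow'
        } |
        Select-Object IdentityReference, RegistryRights, InheritanceFlags, IsInherited
}

Grant-PwFilterCacheAccess -Account $ServiceAccount
Test-PwFilterCacheAccess  -Account $ServiceAccount | Format-Table -AutoSize
```

The verification output should show the service account with ReadKey, SetValue, CreateSubKey and Delete rights and InheritanceFlags of ContainerInherit on the Data key. Because this key temporarily holds captured password change data, the grant is deliberately limited to the single driver service account; if the rights are already present and the 0x00000005 error persists, re-check the trace for which key the filter is actually opening rather than widening the ACL.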