AD password comes over blank if updated Google Apps Password Sync is installed

  • Document ID:7018007
  • Creation Date:01-Sep-2016
  • Modified Date:01-Sep-2016
    • Micro Focus Products:
      Identity Manager

Environment

NetIQ Identity Manager 4.5.x
NetIQ Identity Manager Driver - Active Directory
NetIQ Identity Manager Driver - Google Apps

Situation

The Active Directory password that is captured by pwfilter.dll (Active Directory Driver Password filter) during a password change event for a user comes over blank if Google Apps Password Sync 1.5.22.0 is installed

Customer had old version which worked with pwfilter.dll
Previous version was:   1.3.2080.1248
Newly installed version:  1.5.22.0

Stopping the Google Apps Password Sync did not solve the problem.

Resolution

Remove the Google Apps Password Sync components and reboot the DC to get the pwfilter to start capturing non-blank passwords.

Another potential resolution is to downgrade the Google APps Password Sync components to a previous version (1.4 or older).

Micro Focus Engineering is looking into the issue.

Additional Information

Trace Snipit showing the blank password.
-----------------
[09/01/16 12:04:13.258]:Active Directory PT:
<nds dtdversion="2.2">
  <source>
    <product build="20150311_120000" instance="\TEST_TREE\TEST\DriverSet\Active Directory" version="4.0.2.0">AD</product>
    <contact>NetIQ Corporation</contact>
  </source>
  <input>
    <modify-password class-name="user" event-id="Active Directory##156e67e514a##1" password-admin-reset="true" src-dn="CN=User One,CN=Users,DC=novell,DC=test,DC=com">
      <association>8d52d7e70b0a134ba9332da215caa6d9</association>
      <password/>
    </modify-password>
  </input>
</nds>
------------------
Note the blank password       <password/>
It should be:  <password><!-- content suppressed --></password>