markcasey
New Member.
233 views

Password Email not Recognised

Hi

I set up a policy to email admins (me at this stage) on password
failure, a copy of NOVLPWDSYNC-itp-EmailOnFailedPwdSub

Then as an admin, I set a password on the user that would fail on the
remote AD system (2012)

Below is the relevant Status message at the policy
Should this not have triggered ?
Do I have to alter it for 2012, or is there something else wrong.

(If I set a valid password, it sync's correctly)

Thanks in advance

Mark

<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20130813_120000"
instance="\TUTTSAU\TBG\IDM\TBGIDM\Tutt Bryant AD"
version="4.0.0.2">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="pwd-subscribe" level="error"
type="driver-general">
<message>Password set failed.</message>
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
Perform</client-err>
<server-err>0000052D: SvcErr: DSID-031A129B, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="1325"/>
</ldap-err>
<operation-data>
<password-subscribe-status>
<association>eed1843ea058a442ac57206f1ad423af</association>
</password-subscribe-status>
</operation-data>
</status>
</output>
</nds>
[11/21/13 11:24:02.314]:Tutt Bryant AD ST:Applying policy:
%+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub-Admin%-C.
[11/21/13 11:24:02.315]:Tutt Bryant AD ST: Applying to status #1.
[11/21/13 11:24:02.315]:Tutt Bryant AD ST: Evaluating selection
criteria for rule 'Send e-mail on a failure when subscribing to
passwords'.
[11/21/13 11:24:02.316]:Tutt Bryant AD ST: (if-operation equal
"status") = TRUE.
[11/21/13 11:24:02.316]:Tutt Bryant AD ST: (if-xpath true
"self::status[@level != 'success'][text() !=
'']/operation-data/password-subscribe-status/association[text() !=
'']") = FALSE.
[11/21/13 11:24:02.317]:Tutt Bryant AD ST: Rule rejected.
[11/21/13 11:24:02.317]:Tutt Bryant AD ST: Evaluating selection
criteria for rule 'Send e-mail on failure to reset connected system
password using the Identity Vault password'.
[11/21/13 11:24:02.317]:Tutt Bryant AD ST: (if-operation equal
"status") = TRUE.
[11/21/13 11:24:02.318]:Tutt Bryant AD ST: (if-xpath true
"self::status[@level !=
'success']/operation-data/password-reset-status") = FALSE.
[11/21/13 11:24:02.318]:Tutt Bryant AD ST: Rule rejected.
[11/21/13 11:24:02.318]:Tutt Bryant AD ST:Policy returned:
[11/21/13 11:24:02.318]:Tutt Bryant AD ST:



Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: Password Email not Recognised

On 11/20/2013 9:38 PM, Mark Casey wrote:
> [text() !=
> '']


I believe the above is why it failed. There is no text in the status element.
If you just want all errors and not just password errors you could trim it down to:
self::status[@level != 'success']
or removing the offending predicate should also correct the issue.


--
-----------------------------------------------------------------------
Will Schneider
Knowledge Associate http://forums.netiq.com

If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.