Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
315 views

Unable to set NMAS password: -1643 NMAS_E_INVALID_PARAMETER.


My edir driver is throwing this up, hence this forum, but I'm fairly
sure its a NMAS setup problem.
This is in my development ID vault, which has been through some big
changes recently having removed the last Netware server from it, so the
very smart money is something is stuffed up with NMAS. The trouble is I
touch NMAS so rarely I'm not great on the subtleties.

The test system has fewer NMAS methods installed than live, to wit only

CertMutual
Challenge Response
DIGEST-MD5
GSSAPI
Macintosh Native File Access
NDS
Simple Password
Windows Native File Access

In particular I note the live tree also has NDS Changepassword and
EnhancedPassword methods installed.

Anyway, here's an extract from the trace which seems to show all that's
relevant.

<modify class-name="User"
dest-dn="\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef" from-reset="true"
qualified-src-dn="O=ORGCC\OU=Nth\OU=Nor\OU=CH\OU=LEG\CN=abcdef"
src-dn="\TST65-TREE\ORGCC\Nth\Nor\CH\LEG\abcdef" src-entry-id="44152">
<association
state="associated">{8C6A29F9-46E8-df11-88C6-000255AC38E3}</association>
<modify-attr attr-name="nspmDistributionPassword"><!-- content
suppressed -->
</modify-attr>
</modify>
<modify-password class-name="User"
dest-dn="\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef"
qualified-src-dn="O=ORGCC\OU=Nth\OU=Nor\OU=CH\OU=LEG\CN=abcdef"
src-dn="\TST65-TREE\ORGCC\Nth\Nor\CH\LEG\abcdef" src-entry-id="44152">
<association>{8C6A29F9-46E8-df11-88C6-000255AC38E3}</association>
<password/>
</modify-password>
</input>
</nds>
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Filtering out notification-only
attributes.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Pumping XDS to eDirectory.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Performing operation modify for
\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Duplicating :
context = 974520446, tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Modifying entry
\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="User"
dest-dn="\TST65-TREE\ORGCC\Nth\Nor\CH\LEG\abcdef"
src-dn="\ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef">
<association>{8C6A29F9-46E8-df11-88C6-000255AC38E3}</association>
<modify-attr attr-name="nspmDistributionPassword"
failed-sync="true"><!-- content suppressed -->
</modify-attr>
</modify>
</input>
</nds>
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Calling free on
tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Performing operation
modify-password for \ORGDIR-QATREE\ORGcc\Corp_LDAP\Users\abcdef.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Duplicating :
context = 974520446, tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:Optimize Password determined
operation not needed.
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:--JCLNT--
\ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir : Calling free on
tempContext = 974520387
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:
DirXML Log Event -------------------
Driver: \ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir
Channel: Subscriber
Status: Success
09:25:48 5AD60710 Drvrs: FP-IDV-eDir ST:
DirXML Log Event -------------------
Driver: \ORGDIR-QATREE\ORGcc\*services\IDM4-NewSet\IDV-FP-eDir
Channel: Subscriber
Status: Warning
Message: Code(-8021) Unable to set NMAS password: -1643
NMAS_E_INVALID_PARAMETER.


--
jimc
------------------------------------------------------------------------
jimc's Profile: https://forums.netiq.com/member.php?userid=238
View this thread: https://forums.netiq.com/showthread.php?t=46834

Labels (1)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Unable to set NMAS password: -1643 NMAS_E_INVALID_PARAMETER.

Which version of IDM, eDirectory, is involved? Which platform? What
changes have you made to this driver config recently and how often do you
test password changes like this one?

If you could post the entire trace that may help, especially if you have
both sides (from the other eDir environment) at same time to get both
sides of that story. Whil doing that you MAY also want to use ndstrace
and get ONLY the +TIME +TAGS +NMAS filters writing to a file to see if
anything more-verbose shows up there:

ndstrace
set dstrace=nodebug
dstrace +time +tags +nmas
dstrace file on
set dstrace=*r
#perform your test here, tracing IDM to files directly from the driver
dstrace file off
quit

Post the ndstrace.log file along with the IDM traces from each driver.

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to set NMAS password: -1643 NMAS_E_INVALID_PARAMETER.


Thanks ab,
I think I've now tracked it down to an embarrassing CA problem in the ID
vault:-) I certainly need to solve that before going much further.


--
jimc
------------------------------------------------------------------------
jimc's Profile: https://forums.netiq.com/member.php?userid=238
View this thread: https://forums.netiq.com/showthread.php?t=46834

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.