ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.
Absent Member.
Absent Member.
186 views

re-syncing passwords?

Hi,

I have edir2dir-drivers between eDirectory-trees, OES 11 SP2, IDM 4.02,
Universal Password.

Some users passwords are not sychronized - so login to "tree2" fails. If
users reset their password in "tree1" sychronization works and users are
able to login in tree2. This is because I had different Password Policy
settings - I think this part of the problem is solved.

My questions are:

Can I re-synchronize all passwords of all users? (Without requiring them to
reset their passwords and without deleting them in tree2?)
Can I get a list of users whose passwords are not sychronized? (Without
checking every single one with iManager.)

Thanks,
Mirko

Labels (1)
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner


Migrating the user's should also synchronize the password.
You have to check every single user, sorry.but if you know a regex query
that all passwords that are not synchronized equal you can do a
comparison with the pwd in a null driver.

Cheers


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=53985

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Mirko Guldner <mirko.guldner@web.de> wrote:
> Hi,
>
> I have edir2dir-drivers between eDirectory-trees, OES 11 SP2, IDM 4.02,
> Universal Password.
>
> Some users passwords are not sychronized - so login to "tree2" fails. If
> users reset their password in "tree1" sychronization works and users are
> able to login in tree2. This is because I had different Password Policy
> settings - I think this part of the problem is solved.
>
> My questions are:
>
> Can I re-synchronize all passwords of all users? (Without requiring them to
> reset their passwords and without deleting them in tree2?)


Yes, change nspmDistributionPassword from notify to subscriber sync in the
driver filter on driver portion hosted on tree1

Then migrate users from tree1 via iManager

As for identifying which users have passwords out of sync, I wrote a simple
policy which used a subscriber trigger job and an event transform that
turned the trigger into a check password event. Then in input transform
logged the failed password checks to a file.

> checking every single one with iManager.)
>
> Thanks,
> Mirko



--
If you find this post helpful and are logged into the web interface, show
your appreciation and click on the star below...
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner


Migrating the user's should also synchronize the passwords.

You need to check all users one by one.
But if you have a regex query that all synchronized password match but
not the others you could use that in a null driver and match with the
nspmpassword.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=53985

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.