sushantcap Absent Member.
Absent Member.

Password change is not replicating from master to replicas


We have 6 edirectory servers, 1 master and 5 replicas,

3 edirectory servers has edirectory version 8.8.8 SP7.
other 3 edirectory servers, including master has edirectory version 8.8.8 SP8.

Also we have recently migrated from IDM 3.7 to IDM 4.5.5

When a user reset its password via SSPR class 'pwmUser' gets added to master immediately and password gets updated, but 'pwmUser' class doesn't get added to some of the replicas and password change doesn't get updated.

Also, whenever this happens i log into imonitor, select agent synchronization, search for affected user and select TimeStamp Entry (timestampobj) or Send Entry to Replicas (sendobj) and 'pwmUser' class get replicated to the replica servers, and password gets updated in replicas.
But this is a work around.

Please let me know how to resolve this.

Labels (1)
1 Reply
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Password change is not replicating from master to replicas

First, if I were you I would patch all of the eDirectory boxes (assuming
they are standalone and not Open Enterprise Server (OES) boxes) to the
latest version available for download; if they are OES, patch to the
latest available in the patch channels too. 8.8 SP8 Patch 7 is a bit old,
and 8.8 SP8 Patch 8 is not much newer, and Patch 11 is current, and there
may be long-resolved bugs that you are hitting. It is not critical, but
it is easy and relatively safe and can resolve issues that are otherwise
impossible to resolve.

The password bit may be secondary; if you see that pwmUser is NOT
replicated to all other replicas, then I would guess that there is a
schema problem within some of the servers for whatever reason. Normally
schema should replicate automatically, and fairly quickly, since it is the
foundation of everything else, but if that is not happening for some
reason then any events requiring that schema will probably back up, even
thing unrelated, because events replicate in order, and SSPR probably ded
the aux class before resetting the password.

Use iMonitor to see if the schema on the Master has the pwmUser class, as
I assume it must since you see it, and use iMonitor on the other boxes to
see if any of them lack it. If any do, we need to fix that first. You
can use iMonitor to force a schema sync from the Master, but mostly we
probably need to see if there are any errors when that is trying to happen:

set dstrace=noebug
dstrace +time +tags +scma +scmd
set dstrace=*m9999999
dstrace file on
set dstrace=*r
set dstrace=*ssa
set dstrace=*ssd
#wait a while and capture the output
dstrace file off

By default the /var/opt/novell/eDirectory/log/ndstrace.log file will be
generated and its output could be very interesting.

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.