No Universal Password Policy assigned to the user in iManager
(Last modified: 08Sep2005)
This document (10098821) is provided subject to the disclaimer at the end of this document.
fact
Novell eDirectory 8.7.3 for All Platforms
symptom
No Universal Password Policy assigned to the user in iManager
If you open iManager to check which Universal Password is assigned to a user with the "Policy Assignments" task, it will not show any policies or the default password policy will show up
If you check the Policy Assignment tab of the Universal Password Policy in iManager, "Password Policies" task, everything looks fine and the policy looks assigned correctly
cause
If you create a Password policy and assign it to a user, container or partition root, it will create two attributes in a two-ways relationship:
One on the assigned object, this attribute is called nspmPasswordPolicyDN - which is pointing to the Password policy object assigned to the current object.
One on the password policy itself - which is stored in the Security container - an nsimAssignment attribute is created which is pointing to the user, container or partition root where the policy is assigned.
If the nspmPasswordPolicyDN attribute is missing from the assigned object, the password policy for a user will not show up (it will report: "No policy currently assigned") in iManager "Policy Assignments" task.The system is looking for this attribute on the user, or on the container which holds the user object or at the partition root. If it cannot find this attribute, that means the user does not have any password policy assigned. If the default password polices exist it will be used, otherwise no policy will be assigned.
If the nsimAssignment attribute is missing from the Password policy object, you will not see any assignments on the Password policy when you check the "Policy Assignment" tab in iManager.
From another view: When you check the policy with iManager and check the assignment from the policy side, iManager is reading the object from the nsimAssingment attribute. When you check a user if it has a policy, it's checking the user, the container of the user and the partition root of the user for the nspmPasswordPolicyDN. If it cannot find it, it will look for the default password policy and if it cannoit find it, "No policy assigned" shows up.
You can check if the attributes exist using DSBROWSE or iMonitor.
change
Usually this issue happens when ConsoleOne is used to administer the associated objects and it can cause the deletion of these attributes.
fix
You have to remove the assignments from the Password policy and reassign the policy to the user, organization or partition root as necessary.
document
| Document Title: | No Universal Password Policy assigned to the user in iManager |
| Document ID: | 10098821 |
| Solution ID: | NOVL103371 |
| Creation Date: | 07Sep2005 |
| Modified Date: | 08Sep2005 |
| Novell Product Class: | Novell Directory Services |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.