If true, allows passwords to flow from the Identity Vault to the connected system.trueIf true, allows passwords to flow from the connected system to the Identity Vault.trueUse the password from the connected system to set the non-reversible NDS password in the Identity Vault.trueUse the password from the connected system to set the NMAS Distribution Password used for Identity Manager password synchronization.falseIf true, applies NMAS password policies during publish password operations. Password is not written to the Identity Vault if it does not comply.trueIf true, on a publish Distribution Password failure, attempt to reset the password in the connected system using the Distribution Password from the Identity Vault.trueIf true, send e-mail notification of any password synchronization failures.trueThe name of the connected system, application or Identity Manager driver. This value is used by the e-mail notification templates.PassExp0The subscriber channel retry interval controls how frequently the DirXML Engine will retry the processing of a cached transaction after the application shim's Subscriber object returns a retry status.30The qualified form for DN-syntax attribute values controls whether values for DN-syntax attribute values are presented in unqualified slash form or qualified slash form. A "true" setting means the values are presented in qualified form.falseThe qualified form for rename events controls whether the new-name portion of rename events coming from the Identity Vault are presented to the Subscriber channel with type qualifier(s) (e.g. CN=). A "true" setting means the names are presented in qualified form.falseThe maximum eDirectory replication wait time controls the maximum time that the DirXML Engine will wait for a particular change to replicate between the local replica and a remote replica. This only affects operations where the DirXML Engine is required to contact a remote eDirectory server in the same tree to perform an operation and may need to wait until some change has replicated to or from the remote server before the operation can be completed (e.g. object moves when the DirXML server does not hold the master replica of the moved object ;file system rights operations for Users created from a template.)180This control sets the XSLT processor used by the DirXML Engine to a backwards-compatible mode. The backwards-compatible mode causes the XSLT processor to use one or more behaviors that are not XPath 1.0 and/or XSLT 1.0 standards-compliant. This is done in the interest of backwards-compatiblity with existing DirXML stylesheets that depend on the non-standard behavior(s).
In particular:
The behavior of the XPath "!=" operator when one operand is a node-set and the other operand is other than a node-set is incorrect in DirXML releases up to and including DirXML 2.0 (Novell Identity Manager 2.0). This behavior has been corrected; however, the corrected behavior is disabled by default through this control in favor of backwards-compatibility with existing DirXML stylesheets.trueThis control is used to limit the number of application objects that the DirXML Engine will request from an application during a single query that is performed as part of a "migrate objects from application" operation.
If "java.lang.OutOfMemoryError" errors are encountered during a migrate from application operation then this number should be set lower than the default.
Note that this control does not limit the number of application objects that can be migrated; it merely limits the "batch size".50This control is used by the DirXML Engine to determine if the creatorsName attribute should be set to the DN of this driver on all objects created in the Identity Vault by this driver.
Setting the creatorsName attribute allows for easily identifying objects created by this driver, but also carries a performance penalty. If not set, the creatorsName attribute will default to the DN of the NCP Server object that is hosting the driver.falseThis control determines whether the DirXML Engine will write a pending association on an object during subscriber channel processing.
Writing a pending association confers little or no benefit but does incur a performance penalty. Nevertheless, the option exists to turn it on for backward compatibility.falseThis control determines the source of the value reported for the nspmDistributionPassword attribute for subscriber channel add and modify events.
Setting the control to false means that the current value of nspmDistributionPassword is obtained and reported as the value of the attribute event. This means that only the current password value is available. This is the default behavior.
Setting the control to true means that the value recorded with the eDirectory event will be decrypted and reported as the value of the attribute event. This means that both the old password value (if it exists) and the replacement password value at the time of the event are available. This is useful for synchronizing passwords to certain applications that require the old password to enable setting a new password.falseThis control determines whether the DirXML Engine will report the status of subscriber channel password change events.
Reporting the status of subscriber channel password change events allows applications such as the Identity Manager User Application to monitor the synchronization progress of a password change that should be synchronized to the connected application.true,cn,nspmdistributionpasswordUserno/home/userapp/idm/passexp0/output.csv20030/home/userapp/idm/passexp/input.csv.bak10UserUserCNcnnspmDistributionPasswordnspmdistributionpasswordEmail notifications for failed password publicationsSend e-mail for a failed publish password operationtruestatusself::status[@level != 'success']/operation-data/password-publish-status""