Universal Password environment
Novell Cool Solutions: Question & Answer
Q:
I have an eDirectory vault and a production eDirectory that are connected with an upgraded DirXML 1.1a driver in Identity Manager 2.0. Currently, passwords sync no problem. We now want to add an Active Directory driver to the vault and synch users and passwords to AD.
We need Universal Password to enable password sync, but do we need NMAS-enabled clients at the user desktops (connected to the production eDirectory)? Can we merely enable Universal Password on containers within the Vault eDirectory, and as the NDS password changes come in from the production tree, the Universal Password in the vault is set accordingly? Or does the UP need to change from the client's workstation, and therefore the production tree also?
A:
You will need UP in your prod tree. The universal password has to be
populated by the user and then can be replicated to the NDS password for
that user. It doesn't work the other way. If the user populates their NDS
password it can't be replicated to the user's UP. Hope that makes sense.
Although you are populating your NDS password key pair for users in the
prod tree and then syncing to the vault, there is no way for eDir or IDM to
read the key pair and copy the value to the UP or Distribution password
attribute. Your users must populate the UP directly to sync to AD or other
directories.