This section contains information that is specified to the DirXML Driver for eDirectory, and assumes that you are familiar with the information in "Implementing Password Synchronization" in the Novell Nsure Identity Manager 2 Administration Guide.
If you are using the driver to connect to eDirectory 8.7.3, you have more options to choose from, including synchronizing Universal Password.
See the description of the different scenarios in "Implementing Password Synchronization" in the Novell Nsure Identity Manager 2 Administration Guide.
If you enforce incompatible Password Policies in multiple eDirectory trees, and choose to set a password back if it does not comply (with the option "If password does not comply, enforce Password Policy on the connected system by resetting user's password to the Distribution Password"), you could encounter a loop in which each eDirectory server tries to change a noncompliant password.
Information about Password Policies is in "Managing Passwords Using Password Policies" in the Novell Nsure Identity Manager 2 Administration Guide.
If you want to synchronize passwords using Universal Password, make sure you set the filter on both eDirectory drivers to Ignore for the Public Key and Private Key attributes for all classes that you want to synchronize Universal Password.
The Check Password Status task lets you see whether a user's password in Identity Manager is synchronized with the password on connected systems.
If you are using the DirXML Driver for eDirectory, and the Password Policy for a user specifies in the Configuration Options tab that the NDS Password should not be updated when the Universal Password is updated, then the Check Password Status task for that user will always show that the password is not synchronized. The password status will be shown as not synchronized, even if the Identity Manager Distribution Password and the Universal Password on the eDirectory connected system are in fact the same.
This is because the eDirectory check password functionality is checking the NDS Password at this time, instead of going through NMAS to refer to the Universal Password.
If you select the option to update the NDS Password when the Universal Password is updated in the Password Policy (this is the setting by default), then Check Password Status should be accurate for the eDirectory connected system.