If you see an error about a password not complying when a user is initially created, but the password is set correctly in eDirectory, this might be an issue with the default password in the driver policy not conforming to the Password policy that applies to that user.
For example, perhaps you want the NT driver to provide the initial password for a user when it creates a new user object in eDirectory to match a user in NT. The sample configuration for the NT driver sends the initial password as a separate operation from adding the user, and the sample configuration also includes a policy that provides a default password for a user, based on the user’s surname, if no password is provided by NT. Because adding the user and setting the password are done separately, a new user in this case always receives the default password, even if only momentarily. The default password is soon updated because the NT driver sends the password immediately after adding the user. If the default password does not comply with the eDirectory Password policy for the user, an error is displayed. For example, if a default password created from the user’s surname is too short to comply with the Password policy, you might see a -216 error saying that the password is too short. However, the situation is soon rectified if the NT driver then sends an initial password that does comply.
Regardless of the driver you are using, if you want a connected system that is creating user objects to provide the initial password, consider doing one of the actions in the list below. These measures are especially important if the initial password does not come with the Add event and instead comes in a subsequent event.
Change the policy on the Publisher channel that creates the default password, so that the default password conforms to the Password policies (created through
) that have been defined for your organization in eDirectory. When the initial password comes from the authoritative application, it replaces the default password. This option is preferable because we recommend that a default password policy exists in order to maintain a high level of security within the system.
or
Remove the policy on the Publisher channel that creates the default password. In the sample configuration, this policy is provided in the Command Transformation policy set. Adding a user without a password is allowed in eDirectory. The assumption for this option is that the password for the newly created user object eventually comes through the Publisher channel, so the user object exists without a password only for a short time.