Environment
Novell Modular Authentication Service version 2.3
Situation
Users get error -1665 attempting to change their Universal Password.
Resolution
Additional Information
In one case, there were two eDirectory trees linked via DirXML.
All users were synchronized bidirectionally between the two trees.
Users are required to change their passwords in the "Workforce"
tree, and those changes would sync to the other tree. The Tree keys
weren't present on all servers in the "Workforce" tree, and the
others only had 56-bit keys. Universal password needs the 168-bit
keys for proper operation.
Often, even once the Tree keys have been properly generated or synchronized, users will continue to experience the same error, because their existing universal password data was corrupted by using the previously bad tree key. In this case, if it is not too much trouble, you can just delete and re-create the affected user objects. In the above case, there were user objects present in two trees, and only one tree had bad tree keys, so you could delete the user object from that tree and allow it to resynchronize from the other tree.
Formerly known as TID# 10093969