DirXML-ShimAuthPassword

Overview#

DirXML-ShimAuthPassword is an AttributeType used on a DirXML-Driver with an OID of 2.16.840.1.113719.1.14.4.1.6

Error -1473#

Ldapwiki has encountered conditions in which setting the passwords on a driver returned a 1473 error.

The conditions appear to be encountered when:

  • dibclone has been used
  • a driver has a DirXML-ShimAuthPassword encrypted/signed with a key that is no longer valid.

The apparent solution is to:

  • regenerate the DirXML server keys (this can be done with dxcmd)
    • dxcmd -host hostname.example.com -port 1636 -user cn=admin,...,dc=com -password '….'
    • 4: Driver set operations...
    • 7: Regenerate all Identity Manager server keys
    • This invalidates ALL passwords and Identity Manager server keys.
  • purge the values of DirXML-ShimAuthPassword on that server by running ndsrepair -R -Ad -SX "DirXML-ShimAuthPassword"

The ndsrepair will purge these values off of the drivers on that server. These operations are per server, as the values are X-NDS_NEVER_SYNC.

LDAP Attribute Definition#

The DirXML-ShimAuthPassword AttributeType is defined as:

Category#

eDirectory
