This patch asks you to create a policy on the Command Transform which does the following:
If there is a modify of a user attribute, it will go and read the nspmDP of the source object, if it exists.
This policy was written to help out the 'expired password on password reset' problem.
What the code does in fact is reset the password in the destination system each and every time the object changes, regardless of whether the change is the password or not. To make this more efficient, it should only read the source object's nspmDP only if the nspmDP is PART OF THE OPERATION, not only if it EXISTS or not.
I have taken this up with Novell who agree, however they have not updated the code in subsequent patch releases (IDM201ir4).