Dynamic group returns -306 error in LDAP trace

  • 3060712
  • 11-Oct-2007
  • 26-Apr-2012

Environment


Novell eDirectory 8.8
Novell eDirectory 8.7.3

Situation

After creating a dynamic group in iManager, if you then query the group through an LDAP browser it will fail and a -306 error is returned if looking at a LAN or LDAP trace.

Resolution

In the list of attribute mappings for the LDAP Group object check the mapping for memberQuery. The memberQuery attribute should be mapped to memberQueryURL and not memberURL. Check the alternate mappings as well as the primary mapping.

If memberQuery is mapped to memberURL it will cause the memberQuery attribute of the dynamic group to be populated incorrectly when it is created or edited. Since the attribute is saved incorrectly just removing the memberURL attribute mapping and restarting LDAP will not fix the existing dynamic group. Once the incorrect mapping is removed and LDAP is restarted you will need to edit the dynamic group and re-enter the member query so it can be saved in the correct syntax.