Environment
Novell Identity Manager Driver- Active Directory Driver
Situation
On a Group Object, if the driver tries to sync the eDirectory'L' attribute to the physicalDeliveryOfficeName attribute in Active
Directory on Windows, an LDAP_OBJECT_CLASS_VIOLATION will
occur. This is because In Active Directory, there is no
equivalent to physicalDeliveryOfficeName for Groups as there is for
Users objects.
In trace, something similar to the following may appear:
DirXML Log Event -------------------
Driver: \LAB159TREE\system\services\idm\DrvrSet0\AD0
Channel: Subscriber
Object: \LAB159TREE\myorgs\novell\testGroup0
Status: Error
Message:
ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">
ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">Object Class
Violation
0000207D: UpdErr: DSID-03150F9C, problem
6002
(OBJ_CLASS_VIOLATION), data 0
Driver: \LAB159TREE\system\services\idm\DrvrSet0\AD0
Channel: Subscriber
Object: \LAB159TREE\myorgs\novell\testGroup0
Status: Error
Message:
(OBJ_CLASS_VIOLATION), data 0
Resolution
For any existing Active Directory drivers, edit the filter and on
the Group Class, delete the "L" attribute. In future versions
of the Active Directory driver, this problem will be fixed in the
Pre-config.