Active Directory LDS Connector : LDAP_NAMING_VIOLATION while attemping to add a group object

  • 7001491
  • 28-Mar-2012
  • 26-Apr-2012


Novell Identity Manager 3.6.x
Novell Identity Manager 4.x
Novell Identity Manager 4.0.x


Trying to create a group object by the driver under o=xxxx in LDS results in the below error
<ldap-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">
 <client-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">Naming Violation</client-err>
 <server-err>00002099: NameErr: DSID-0305109C, problem 2005 (NAMING_VIOLATION), data 0, best match of: 'o=testorg'
 <server-err-ex win32-rc="8345"/>
The same response is obtained when an ldif is ran against LDS to create the group. However ADSI and LDP tools seem to be able to create a group object under o=xxxx with no issues.
The driver can create the user objects without issues.


According to Microsoft ( group objects are not allowed to be created under an Organization object as their recommendation is to create OU objects to segregate objects in LDS for easier management.