Environment
Novell Identity Manager 3.6.x
Novell Identity Manager 4.x
Novell Identity Manager 4.0.x
Situation
When the driver tries to create a group object under o=xxxx in LDS, the following error is returned:
<ldap-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">
<client-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">Naming Violation</client-err>
<server-err>00002099: NameErr: DSID-0305109C, problem 2005 (NAMING_VIOLATION), data 0, best match of: 'o=testorg'
</server-err>
<server-err-ex win32-rc="8345"/>
</ldap-err>
The same response is obtained when an LDIF file is run against LDS to create the group. However, the ADSI and LDP tools seem to be able to create a group object under o=xxxx with no issues.
The driver can create the user objects without issues.
Resolution
According to Microsoft (http://technet.microsoft.com/en-us/library/cc730701(v=ws.10).aspx), group objects are not allowed to be created under an Organization object; Microsoft's recommendation is to create OU objects to segregate objects in LDS for easier management.
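A pre-flight check for this condition, as an added example that is not part of the original article or of any Novell or Microsoft tooling: it scans an LDIF file for group entries whose immediate parent is an o= object, which are the entries that would be rejected with LDAP_NAMING_VIOLATION. The sample LDIF is constructed, the function names are hypothetical, and the parser assumes plain LDIF without folded lines or base64 (dn::) values.

```python
import re

# Constructed sample LDIF; o=testorg is the partition named in the error
# above, the entry names are made up for illustration.
SAMPLE_LDIF = """\
dn: cn=Staff,o=testorg
changetype: add
objectClass: group
cn: Staff

dn: ou=Groups,o=testorg
changetype: add
objectClass: organizationalUnit
ou: Groups

dn: cn=Admins,ou=Groups,o=testorg
changetype: add
objectClass: group
cn: Admins

dn: cn=jdoe,o=testorg
changetype: add
objectClass: user
cn: jdoe
"""

def parent_rdn_type(dn):
    """Return the attribute type of the parent's leading RDN, lower-cased."""
    # Split on commas that are not backslash-escaped inside an RDN value.
    parts = re.split(r'(?<!\\),', dn)
    if len(parts) < 2:
        return None  # a naming-context root has no parent inside the DN
    return parts[1].split('=', 1)[0].strip().lower()

def groups_under_organization(ldif_text):
    """List DNs of group entries placed directly under an o= object."""
    flagged = []
    for record in re.split(r'\n\s*\n', ldif_text.strip()):
        dn, classes = None, set()
        for line in record.splitlines():
            key, _, value = line.partition(':')
            if key.lower() == 'dn':
                dn = value.strip()
            elif key.lower() == 'objectclass':
                classes.add(value.strip().lower())
        if dn and 'group' in classes and parent_rdn_type(dn) == 'o':
            flagged.append(dn)
    return flagged
```

Entries returned by groups_under_organization() are the ones to move under an OU, as the cn=Admins entry in the sample already is.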