User Create failing in Active Directory, LDAP_CONSTRAINT_ERROR

  • 7002460
  • 27-Jan-2009
  • 26-Apr-2012

Environment

Novell Identity Manager 3.5.1

Situation

User existing in IDM Vault is not being created after modifying attributes to allow User Creation via Active Directory driver. Trace log shows:
  1. LDAP_CONSTRAINT_ERROR (ldap-rc:19)
  2. problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 6 (c):len 12

Resolution

Changed the Country value in eDirectory to US from United States. After this the user created successfully.

Additional Information

The Schema Mapping of the Active Directory driver mapped "co" (eDirectory Country) to "c" (Active Directory Country). "c" in Active Directory can only contain 2-character long values from ISO 3166.

"co" in Active Directory is the short name usually associated with the friendlyCountryName attribute defined in RFC 1274. It can hold longer freeform strings like "United States" or "Canada".

Mapping "co" (eDirectory) to "co" (Active Directory) doesn't appear to update the Country/Region label in the Address Property Sheet.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.