Changes from Active Directory do not synchronize to the Identity Vault

  • 7006902
  • 23-Sep-2010
  • 26-Apr-2012

Environment

Novell Identity Manager - Remote Loader
Novell Identity Manager 3.6.1
Novell Identity Manager Driver - Active Directory

Situation

Attributes set in the Active Directory driver's Publisher channel filter aren't syncing to the Identity Vault. A level 5 Remote Loader trace shows the following return code:


DirXML: [09/21/10 16:07:38.74]: ADDriver: Publisher Poll

DirXML: [09/21/10 16:07:38.74]: ADDriver: set filter for initial cookie

DirXML: [09/21/10 16:07:38.74]: ADDriver: get object changes - 0x0032


Anything other than 0x0000 means an LDAP error occurred when the driver tried to read from AD's DirSync API. The hex error code can be interpreted using: http://support.microsoft.com/kb/218185. The 0x0032 return code means LDAP_INSUFFICIENT_RIGHTS.


Resolution

To resolve the issue, make sure the Service Account used by the driver shim has Read and Replicate Directory Changes rights at the root of the Active Directory domain, as outlined in the documentation: https://www.novell.com/documentation/idm36drivers/ad/data/bp7wru3.html