Error: LDAP_UNWILLING_TO_PERFORM on modification of object in MAD application partition

  • 7008961
  • 07-Jul-2011
  • 13-Jun-2012

Environment

Novell Identity Manager Driver - Active Directory

Situation

When synchronizing a modify to an object in an application partition which was recently created by the Microsoft Active Directory (MAD) driver, the modify fails with an LDAP_UNWILLING_TO_PERFORM error from MAD.

Resolution

Objects created in a MAD "application partition" are not supported by the MAD shim. The driver is designed to synchronize most types of objects, but objects in these special partitions were not part of that scope and were added to MAD after the original driver was released. An enhancement request, #704545, has been entered into Bugzilla to add support for these objects.

In the case of ADAM/LDS, the failure is the result of a missing default naming context; modifications can be made to work by setting a default naming context in the application. A document that may help follows: http://technet.microsoft.com/en-us/library/cc816929


Additional Information


DirXML: [04/22/09 10:44:12.12]: ADDriver: Imported class wm-BusinessUnit
DirXML: [04/22/09 10:44:12.12]: ADDriver:   association
DirXML: [04/22/09 10:44:12.12]: ADDriver:     a373c192da0d994dacd066027fa0bee2
DirXML: [04/22/09 10:44:12.12]: ADDriver:   modify-attr
DirXML: [04/22/09 10:44:12.12]: ADDriver:     remove-value
DirXML: [04/22/09 10:44:12.12]: ADDriver:       value
DirXML: [04/22/09 10:44:12.12]: ADDriver:         MO
DirXML: [04/22/09 10:44:12.12]: ADDriver:     add-value
DirXML: [04/22/09 10:44:12.12]: ADDriver:       value
DirXML: [04/22/09 10:44:12.12]: ADDriver:         MO2
DirXML: [04/22/09 10:44:12.12]: ADDriver: Connect using ldap_bind: user=adm, domain=office, password=***, method=negotiate, server=server0007.asdf.org.com, sign=yes, seal=yes ssl=no
DirXML: [04/22/09 10:44:12.12]: ADDriver: ldap_bind connection succeeded
DirXML: [04/22/09 10:44:12.12]: ADDriver: ldap_modify wm-BusinessUnit
LDAPMod operations:
delete attribute st
>>MO
add attribute st
>>MO2
DirXML: [04/22/09 10:44:12.12]: Loader: subscriptionShim->execute() returned:
DirXML: [04/22/09 10:44:12.12]: Loader: XML Document:
DirXML: [04/22/09 10:44:12.12]:
<nds ndsversion="8.7" dtdversion="1.1">
  <source>
    <product version="3.5.3" asn1id="" build="20080229_143300" instance="\METADIR\org\services\DriverSet\Driver AD BU">AD</product>
    <contact>Novell, Inc.</contact>
  </source>
  <output>
    <status level="error" type="driver-general" event-id="osel6011#20090422154412#1#1">
      <ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
        <client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
        <server-err>00000057: LdapErr: DSID-0C090A47, comment: Error in attribute conversion operation, data 0, vece</server-err>
        <server-err-ex win32-rc="87"/>
      </ldap-err>
    </status>
  </output>
</nds>
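
The following is an added example, not part of the original article or of the driver: a small Python triage script that pulls each `<ldap-err>` status out of a driver trace, ties it to the LDAP call logged just before it, and checks it against the values shown in the trace above. The function names are hypothetical, and the sample input is a trimmed copy of this article's trace.

```python
import re
import xml.etree.ElementTree as ET

# Trimmed copy of the trace from this article (two prefix lines plus the status document).
SAMPLE_TRACE = '''\
DirXML: [04/22/09 10:44:12.12]: ADDriver: ldap_modify wm-BusinessUnit
DirXML: [04/22/09 10:44:12.12]: Loader: XML Document:
<nds ndsversion="8.7" dtdversion="1.1">
  <output>
    <status level="error" type="driver-general" event-id="osel6011#20090422154412#1#1">
      <ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
        <server-err>00000057: LdapErr: DSID-0C090A47, comment: Error in attribute conversion operation, data 0, vece</server-err>
        <server-err-ex win32-rc="87"/>
      </ldap-err>
    </status>
  </output>
</nds>
'''

NDS_DOC = re.compile(r"<nds\b.*?</nds>", re.DOTALL)   # one status document
LDAP_OP = re.compile(r"ADDriver: (ldap_\w+) (\S+)")   # e.g. "ldap_modify wm-BusinessUnit"

def ldap_errors(trace):
    """Return one dict per <ldap-err>, tagged with the last LDAP call logged before it."""
    found = []
    for m in NDS_DOC.finditer(trace):
        try:
            root = ET.fromstring(m.group(0))  # assumption: trace is a trusted local file
        except ET.ParseError:
            continue  # truncated or interleaved document, skip it
        ops = LDAP_OP.findall(trace[:m.start()])
        for status in root.iter("status"):
            for err in status.iter("ldap-err"):
                ex = err.find("server-err-ex")
                found.append({
                    "event_id": status.get("event-id"),
                    "operation": ops[-1] if ops else None,
                    "ldap_rc": int(err.get("ldap-rc", "-1")),
                    "server_err": (err.findtext("server-err") or "").strip(),
                    "win32_rc": int(ex.get("win32-rc", "-1")) if ex is not None else None,
                })
    return found

def matches_article_signature(err):
    """ldap_modify failing with LDAP rc 53, Win32 rc 87 and the attribute-conversion comment."""
    return (err["ldap_rc"] == 53 and err["win32_rc"] == 87
            and err["operation"] is not None and err["operation"][0] == "ldap_modify"
            and "attribute conversion" in err["server_err"])
```

A match only means the error has the same shape as the one in this article; whether the object lives in an application partition still has to be confirmed against the directory.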