Environment
Identity Manager Driver - Active Directory
Situation
When a new user is synchronized to Microsoft ADAM / LDS through the Active Directory driver, attempts to use the association just received for that user fail with the error "Association does not resolve to an object in the application":
<status event-id="0" level="error" type="driver-general">Association does not resolve to an object in the application</status>
Status: Error
Message: Code(-9024) Unable to read current state of <association value>.
Modify events that attempt to use the association fail with an LDAP_UNWILLING_TO_PERFORM error:
Message: <ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00000057: LdapErr: DSID-0C042E47, comment: Error in attribute conversion operation, data 0, v3839</server-err>
<server-err-ex win32-rc="87"/>
Resolution
Setting a default naming context in ADAM / LDS resolved the issue.
See Section B.3.1 Setting the Default Naming Context for Your AD LDS/ADAM Instance in the Active Directory Driver documentation.
Cause
In the case of ADAM/LDS, the failure is the result of a missing default naming context. Modifications can be made to work by setting a default naming context in the application. A document that may help follows: http://technet.microsoft.com/en-us/library/cc816929
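
To check whether an instance is in the state described under Resolution and Cause, the following PowerShell reads rootDSE and, only when `$Apply` is set, writes `msDS-DefaultNamingContext` on the instance's NTDS Settings object. It is an added example, not taken from the driver documentation; the host and port, the partition DN and the `$Apply` switch are assumed placeholders.

```powershell
# Added example. Assumed values: replace them with those of your instance.
$Server    = 'localhost:50000'      # assumed host:port of the AD LDS / ADAM instance
$DesiredNc = 'DC=example,DC=com'    # placeholder DN of the partition that holds the users
$Apply     = $false                 # set to $true to write the change

# rootDSE reports the instance's partitions and, when one is configured,
# its default naming context.
$rootDse    = [ADSI]"LDAP://$Server/RootDSE"
$current    = $rootDse.Properties['defaultNamingContext'].Value
$partitions = @($rootDse.Properties['namingContexts'])
$ntdsDn     = $rootDse.Properties['dsServiceName'].Value   # DN of the NTDS Settings object

Write-Output "Partitions on ${Server}:"
$partitions | ForEach-Object { Write-Output "  $_" }

if ($current) {
    Write-Output "defaultNamingContext is already set: $current"
    return
}
Write-Output 'defaultNamingContext is not set on this instance.'

# Refuse to point the default at a partition the instance does not host.
if ($partitions -notcontains $DesiredNc) {
    throw "Partition '$DesiredNc' is not listed in namingContexts."
}

if (-not $Apply) {
    Write-Output "Would set msDS-DefaultNamingContext on '$ntdsDn' to '$DesiredNc'."
    return
}

# The default naming context is stored in msDS-DefaultNamingContext on the
# NTDS Settings object; writing it requires rights on the configuration partition.
$ntds = [ADSI]"LDAP://$Server/$ntdsDn"
$ntds.Properties['msDS-DefaultNamingContext'].Value = $DesiredNc
$ntds.psbase.CommitChanges()
Write-Output "msDS-DefaultNamingContext set to '$DesiredNc'."
```

Run it a second time after the change to confirm that rootDSE now reports the value.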