Old 06-Nov-2009, 04:25 PM
ab@novell.com
Novell
 
Join Date: Aug 2007
Location: USA
Posts: 3,453
Re: Adding AD user to group on Create


As always please post a trace.

Good luck.





HeCtOr wrote:
> What I am trying to do in a Create rule is add this user to an existing
> Group in AD.
>
> <do-add-dest-attr-value class-name="group" name="member" when="after">
>   <arg-dn>
>     <token-text xml:space="preserve">CN=axgroup,OU=Groups,OU=Staff,DC=testad3,DC=usg,DC=edu</token-text>
>   </arg-dn>
>   <arg-value type="dn">
>     <token-text xml:space="preserve">CN=hector,OU=Staff,DC=testad3,DC=usg,DC=edu</token-text>
>   </arg-value>
> </do-add-dest-attr-value>
>
>
> However I keep getting an error in the trace: A value is required for
> attribute 'qualifed-src-dn' on element 'modify'
>
>
>
> <ab@novell.com> wrote in message
> news:570Jm.1117$K62.36@kovat.provo.novell.com...
> Users, in MAD, do not have an attribute that points to the group. It
> looks like there is via LDAP but that's because MAD is faking it. Trying
> to modify that (vs. modifying the group to point to the user) will ALWAYS
> fail. Good job finding that failure another way and ruling out IDM,
> though. TID# 10099876 is for you.
>
> Modify the group adding the user in order to pull this off.
> Alternatively, have another driver add the user hook up the user and group
> in eDirectory and then that change will just synchronize on over to MAD
> naturally.
>
> Good luck.
>
>
>
>
>
> HeCtOr wrote:
>>>> I have a simple create rule that I was using so that when adding a user
>>>> they would get added to a Security Group in AD. I kept getting "unwilling
>>>> to perform"
>>>>
>>>> After troubleshooting for several hours, I decided to just try to add it
>>>> with an LDIF to verify it can be done. I still get "unwilling to perform"
>>>> using this simple LDIF
>>>>
>>>> dn: CN=hector, ou=staff, dc=testad3,dc=usg,dc=edu
>>>> changetype: modify
>>>> add: memberof
>>>> memberof: cn=axgroup,ou=groups,ou=staff,dc=testad3,dc=usg,dc=edu
>>>>
>>>> Perhaps I do not fully understand AD groups as opposed to Novell groups?
>>>>
>>>> The above group and user exists. I can add manually through the AD console
>>>> and query the user to return that DN of the group.
>>>>
>>>>

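As an added example (not part of the original post, and not Novell or Microsoft tooling): a small Python helper that takes LDIF aimed at a user's memberOf, like the failing LDIF quoted above, and rewrites it as changes to each group's member attribute, which is the direction the reply says to modify. The function names are hypothetical, and the sample is constructed from the DNs in the thread.

```python
import base64

# Constructed sample: the thread's user-side change, which AD refuses.
SAMPLE = """\
dn: CN=hector,OU=Staff,DC=testad3,DC=usg,DC=edu
changetype: modify
add: memberOf
memberOf: CN=axgroup,OU=Groups,OU=Staff,DC=testad3,DC=usg,DC=edu
-
"""

def parse_line(line):
    """Split 'attr: value' or base64 'attr:: value' into (attr_lower, value)."""
    attr, _, rest = line.partition(":")
    if rest.startswith(":"):
        return attr.strip().lower(), base64.b64decode(rest[1:].strip()).decode("utf-8")
    return attr.strip().lower(), rest.strip()

def memberof_to_member(ldif):
    """Return [(group_dn, op, user_dn)] for every memberOf add/delete value."""
    text = ldif.replace("\r\n", "\n").replace("\n ", "")  # unfold continuations
    changes = []
    for record in text.split("\n\n"):
        user_dn = op = target = None
        for line in record.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            if line == "-":  # end of one modification block
                op = target = None
                continue
            attr, value = parse_line(line)
            if attr == "dn":
                user_dn = value
            elif attr in ("add", "delete", "replace"):
                op, target = attr, value.lower()
                if op == "replace" and target == "memberof":
                    # Cannot be mapped without knowing the current group list.
                    raise ValueError("replace on memberOf has no group-side form")
            elif attr == "memberof" and target == "memberof" and user_dn:
                changes.append((value, op, user_dn))
    return changes

def render(changes):
    """Emit one group-side modify record per (group, op, user) change."""
    return "\n".join(
        f"dn: {group}\nchangetype: modify\n{op}: member\nmember: {user}\n-\n"
        for group, op, user in changes
    )
```

Calling `render(memberof_to_member(SAMPLE))` yields a modify record on the group DN with `add: member`; changes to other attributes in the input are ignored rather than passed through.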