On 16.05.2012 21:06, fnutter wrote:
> Hi,
> We are trying to sync a single group to openldap from edirectory. Right
> now we only sync users.
> I had to build matching, create and placement policies for the group,
> but it gives me a Naming Violation (64)
> and Invalid DN Syntax (34) errors. Here is the log. Let me know if you
> need any more info.
> Let me know what I need to do and how to fix it please.

> <status event-id="TS_IDM#20120516182142#99#1"
> level="error">LDAPException: Naming Violation (64) Naming Violation
> LDAPException: Server Message: naming attribute 'uid' is not present in
> entry

You need to specify uid (as a specific attribute) in your add operation.

As with everything in IDM, there are several ways to solve this.
Possibly the simplest way is to use clone-op-attr to ensure that when CN
is sent in an add or modify you also send uid. This may not end up being
the best solution for your needs, but it should work when placed in your
subscriber command transform.

Add this rule:
<rule>
  <description>keep uid in sync with CN</description>
  <conditions><and>
    <if-operation mode="regex" op="equal">add|modify</if-operation>
    <if-class-name mode="nocase" op="equal">Group</if-class-name>
  </and></conditions>
  <actions><do-clone-op-attr dest-name="uid" src-name="CN"/></actions>
</rule>


Also, the rule 'Sync Group GW Mobility' in the subscriber creation
policy CGW Mobility Group creates a second add event that isn't
necessary. I think that causes the second error. I would disable this rule.