Has anyone had any luck in converting an eDirectory User object into an
Active Directory Contact object? I have been working with the "Set
Operation Class Name" token and I believe this is what I should be
doing, but the object never comes across as a Contact. I have read a
couple articles on the subject, but they just state that one should use
this token, not how it was used.

Below is my rule and trace, that are currently not working. I am
getting LDAP 53 errors for some reason. Currently I have the rule in
Command Transform, but I've also moved it around a bit while working on
it.

Any help would be much appreciated!

Thanks!

Rule:

<rule>
<description>Set Email Alias Attributes</description>
<comment xml:space="preserve">Set email alias attributes on contacts
going into AD.</comment>
<conditions>
<and>
<if-class-name mode="nocase" op="equal">User</if-class-name>
<if-src-dn op="in-container">LUK\Contacts</if-src-dn>
</and>
</conditions>
<actions>
<do-set-op-class-name>
<arg-string>
<token-text xml:space="preserve">contact</token-text>
</arg-string>
</do-set-op-class-name>
</actions>
</rule>


Trace - I posted just the application of the rule and the error because
I couldn't post the entire trace. If someone needs something different
or more, please let me know.



[10/10/12 13:07:20.891]:AD ST:Submitting add to subscriber shim.
[10/10/12 13:07:20.892]:AD ST:Applying command transformation
policies.
[10/10/12 13:07:20.892]:AD ST:Applying policy: %+C%14CCommand
Transform%-C.
[10/10/12 13:07:20.892]:AD ST: Applying to add #1.
[10/10/12 13:07:20.892]:AD ST: Evaluating selection criteria for
rule 'Strip out modifies of CN from merge'.
[10/10/12 13:07:20.893]:AD ST: (if-operation equal "modify") =
FALSE.
[10/10/12 13:07:20.893]:AD ST: Rule rejected.
[10/10/12 13:07:20.893]:AD ST: Evaluating selection criteria for
rule 'Login Expiration Time Being Removed: Set value to 0'.
[10/10/12 13:07:20.894]:AD ST: (if-operation equal "modify") =
FALSE.
[10/10/12 13:07:20.894]:AD ST: Rule rejected.
[10/10/12 13:07:20.894]:AD ST: Evaluating selection criteria for
rule 'Set Email Alias Attributes'.
[10/10/12 13:07:20.894]:AD ST: (if-class-name equal "User") =
TRUE.
[10/10/12 13:07:20.895]:AD ST: (if-src-dn in-container
"LUK\Contacts") = TRUE.
[10/10/12 13:07:20.895]:AD ST: Rule selected.
[10/10/12 13:07:20.895]:AD ST: Applying rule 'Set Email Alias
Attributes'.
[10/10/12 13:07:20.895]:AD ST: Action:
do-set-op-class-name("contact").
[10/10/12 13:07:20.896]:AD ST: arg-string("contact")
[10/10/12 13:07:20.896]:AD ST: token-text("contact")
[10/10/12 13:07:20.896]:AD ST: Arg Value: "contact".
[10/10/12 13:07:20.896]:AD ST:Policy returned:
[10/10/12 13:07:20.897]:AD ST:


[10/10/12 13:07:21.143]:AD ST:Remote Interface Driver: Document sent.
[10/10/12 13:07:21.170]:AD :Remote Interface Driver: Received.
[10/10/12 13:07:21.170]:AD :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000"
instance="\TEST-TREE\Services\Dirxml\DirXMLDriverSet\AD-T"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="cmu-met2-t#20121010180720#99#1" level="error"
type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
Perform</client-err>
<server-err>00002077: SvcErr: DSID-031907E9, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8311"/>
</ldap-err>
</status>
</output>
</nds>
[10/10/12 13:07:21.174]:AD :Remote Interface Driver: Received document
for subscriber channel
[10/10/12 13:07:21.174]:AD :Remote Interface Driver: Waiting for
receive...
[10/10/12 13:07:21.174]:AD ST:Restoring operation data to output
document
[10/10/12 13:07:21.175]:AD ST:SubscriptionShim.execute() returned:
[10/10/12 13:07:21.177]:AD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000"
instance="\TEST-TREE\Services\Dirxml\DirXMLDriverSet\AD-T"
version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="cmu-met2-t#20121010180720#99#1" level="error"
type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
Perform</client-err>
<server-err>00002077: SvcErr: DSID-031907E9, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8311"/>
</ldap-err>
<operation-data>
<password-subscribe-status>
<association/>
</password-subscribe-status>
</operation-data>
</status>
</output>
</nds>


--
jeremysampson
------------------------------------------------------------------------
jeremysampson's Profile: https://forums.netiq.com/member.php?userid=611
View this thread: https://forums.netiq.com/showthread.php?t=42731