History: We previously had our AD driver directly mapping eDir Full
Name to AD displayName. A decision was made to revert to a previous
displayName convention that involved building the displayName in policy.
When the new policy tries to set the new calculated value for
displayName in AD we are seeing the error pasted below. The policy
originally was using a "set destination attribute value" using a local
variable containing the new calculated value, but since that was failing
I explicitly used "clear desination attribute value" although this
results in the same error. I removed the schema mapping that previously
existed for displayName and also set the subscriber channel filter to
ignore for that attribute.

The policy attempts to set the value I want but it fails because it also
sends the value to be removed, which is different from that value that
currently exists in AD. I found this info in geoffc's cool solutions
article: http://tinyurl.com/o2dtoox The article says to figure out why
the two values are different (value that should be removed in AD does
not match the value eDir says should be removed), which I know why (see
History above) but this does not get me closer to being able to set the
value I want.


Any help?


DirXML: [11/26/13 12:05:32.88]: ADDriver: parse command

className user
destDN
eventId
pidvault2#20131126170532#1#1:46f96c51-4ea0-41d8-7d8b-516cf946a04e
association 494b366f68186e459dc417dc3ee84e10
DirXML: [11/26/13 12:05:32.88]: ADDriver: parse modify class = user
DirXML: [11/26/13 12:05:32.88]: ADDriver: association
DirXML: [11/26/13 12:05:32.88]: ADDriver:
494b366f68186e459dc417dc3ee84e10
DirXML: [11/26/13 12:05:32.88]: ADDriver: modify-attr
DirXML: [11/26/13 12:05:32.88]: ADDriver: remove-value
DirXML: [11/26/13 12:05:32.88]: ADDriver: value
DirXML: [11/26/13 12:05:32.88]: ADDriver: Morgan
DirXML: [11/26/13 12:05:32.88]: ADDriver: add-value
DirXML: [11/26/13 12:05:32.88]: ADDriver: value
DirXML: [11/26/13 12:05:32.88]: ADDriver: Morgan1
DirXML: [11/26/13 12:05:32.88]: ADDriver: modify-attr
DirXML: [11/26/13 12:05:32.88]: ADDriver: remove-all-values
DirXML: [11/26/13 12:05:32.88]: ADDriver: modify-attr
DirXML: [11/26/13 12:05:32.88]: ADDriver: remove-all-values
DirXML: [11/26/13 12:05:32.88]: ADDriver: add-value
DirXML: [11/26/13 12:05:32.88]: ADDriver: value
DirXML: [11/26/13 12:05:32.88]: ADDriver: Grinstead, Morgan1
Virginia
DirXML: [11/26/13 12:05:32.88]: ADDriver: ldap_modify user
CN=tqj124,OU=Active,OU=Persons,DC=utc,DC=tennessee ,DC=edu
LDAPMod operations:
delete attribute comment
>> Morgan

add attribute comment
>> Morgan1

delete attribute displayName
delete attribute displayName
replace attribute displayName
>> Grinstead, Morgan1 Virginia

DirXML: [11/26/13 12:05:32.88]: Loader: subscriptionShim->execute()
returned:
DirXML: [11/26/13 12:05:32.88]: Loader: XML Document:
DirXML: [11/26/13 12:05:32.88]: <nds ndsversion="8.7" dtdversion="1.1">
<source>
<product version="4.0.0.2" asn1id="" build="20130813_120000"
instance="\PATRIOT\utc\IDM\PatriotDriverSet\Vault_ TO_UTCTN">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="error" type="driver-general"
event-id="serverName#20131126170532#1#1:46f96c51-4ea0-41d8-7d8b-516cf946a04e">
<ldap-err ldap-rc="20"
ldap-rc-name="LDAP_ATTRIBUTE_OR_VALUE_EXISTS">
<client-err ldap-rc="20"
ldap-rc-name="LDAP_ATTRIBUTE_OR_VALUE_EXISTS">Attribute Or Value
Exists</client-err>
<server-err>00002081: AtrErr: DSID-030F1225, #1:
0: 00002081: DSID-030F1225, problem 1006 (ATT_OR_VALUE_EXISTS), data 0,
Att 9009c (comment)
</server-err>
<server-err-ex win32-rc="8321"/>
</ldap-err>
</status>
</output>
</nds>


--
morganginga
------------------------------------------------------------------------
morganginga's Profile: https://forums.netiq.com/member.php?userid=6370
View this thread: https://forums.netiq.com/showthread.php?t=49322