I have been tasked with reconfiguring our OUs in eDir and AD.

I have created a new placement policy which places new users in the
applicable OU based on Company Code.

JDBC (New Users created via SQL) syncs with the ID Vault, eDir and then
to AD. Works just fine.

Here is a snippet (I know, I should use mapping tables but I couldn't
figure that out) of the Policy on the JDBC Placement (Publisher), and
the AD Placement (Publisher and Subscriber).

JDBC:
<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <rule>
    <description>ADMIN</description>
    <conditions>
      <and>
        <if-class-name op="equal">User</if-class-name>
        <if-op-attr mode="regex" name="Company" op="equal">1</if-op-attr>
      </and>
    </conditions>
    <actions>
      <do-set-op-dest-dn>
        <arg-dn>
          <token-text xml:space="preserve">DOAAWF\Users\AUD\ADMIN\Users</token-text>
          <token-text xml:space="preserve">\</token-text>
          <token-op-attr name="CN"/>
        </arg-dn>
      </do-set-op-dest-dn>
    </actions>
  </rule>
  <!-- remaining rules not shown -->
</policy>

AD:
<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <rule>
    <description>Mirrored Placement for ADMIN</description>
    <conditions>
      <or>
        <if-src-dn op="in-subtree" xml:space="preserve">ou=Users,ou=ADMIN,ou=AUD,ou=d c=audits,dc=audits,dc=ga,dc=gov</if-src-dn>
      </or>
    </conditions>
    <actions>
      <do-set-op-dest-dn>
        <arg-dn>
          <token-text xml:space="preserve">DOAAWF\USERS\AUD\ADMIN\Users</token-text>
          <token-text xml:space="preserve">\</token-text>
          <token-unmatched-src-dn convert="true"/>
        </arg-dn>
      </do-set-op-dest-dn>
    </actions>
  </rule>
  <!-- remaining rules not shown -->
</policy>


My issue now is that I can create a Group in eDir and it syncs to the ID
Vault; however, it does not sync to AD. Any help would be appreciated.
Thank you!!

The OUs match exactly; however, I receive these errors:

eDir (ID Vault):

DirXML Log Event -------------------
Driver: \DOAA_WFTREE\DOAAWF\DOAA Driver Set\Audit Active Directory
Channel: Subscriber
Object: \DOAA_WFTREE\DOAAWF\USERS\ACTIVE\Legal
Status: Error
Message: <ldap-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">
<client-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">Naming
Violation</client-err>
<server-err>0000206D: UpdErr: DSID-0305011E, problem 6001
(NAME_VIOLATION), data 0
</server-err>
<server-err-ex win32-rc="8301"/>
</ldap-err>


AD (Remote Loader):

<product version="4.0.0.2" asn1id="" build="20130813_120000"
instance="\DOAA_WFTREE\DOAAWF\DOAA Driver Set\Audit Active
Directory">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="error" type="driver-general"
event-id="doaa-atls3#20140220215232#1#2:d7259092-7159-4a1c-7b8e-929025d75971">
<ldap-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">
<client-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">Naming
Violation</client-err>
<server-err>0000206D: UpdErr: DSID-0305011E, problem 6001
(NAME_VIOLATION), data 0
</server-err>
<server-err-ex win32-rc="8301"/>
</ldap-err>
</status>
</output>
</nds>
DirXML: [02/20/14 16:52:42.87]:
DirXML Log Event -------------------
Driver = \DOAA_WFTREE\DOAAWF\DOAA Driver Set\Audit Active
Directory
Thread = Subscriber Channel
Object = \DOAA_WFTREE\DOAAWF\USERS\ACTIVE\Taxes
Level = error
Message = <ldap-err ldap-rc="64"
ldap-rc-name="LDAP_NAMING_VIOLATION">
<client-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">Naming
Violation</client-err>
<server-err>0000206D: UpdErr: DSID-0305011E, problem 6001
(NAME_VIOLATION), data 0
</server-err>
<server-err-ex win32-rc="8301"/>
</ldap-err>


--
kbannister