Ok, here's the scenario I need to write a managers DN to AD, separate from/in addition the manager attribute. So we had a attribute in AD created called myorgPersonPrimaryManager, unfortunately we omitted that this needed to be DN syntax when the attribute got created and it was created as a case ignore string. So my DN would show as a string in IDM slash formatted DN but I really need it to be converted to a valid DN in AD. I had our AD Admins depreciate this attribute, and create a new one with the same name(of course the common name is incremented to be unique) but DN syntax.
The problem is now when I'm writing this attribute I'm getting the following error.
<status level="error" type="driver-general" event-id="meta4-t#20170601152135#3#1:d0f004a2-3d37-4e5f-719a-a204f0d0373d">
<ldap-err ldap-rc="34" ldap-rc-name="LDAP_INVALID_DN_SYNTAX">
<client-err ldap-rc="34" ldap-rc-name="LDAP_INVALID_DN_SYNTAX">Invalid DN Syntax</client-err>
<server-err>00000057: LdapErr: DSID-0C090CE0, comment: Error in attribute conversion operation, data 0, v2580</server-err>
<server-err-ex win32-rc="87"/>
</ldap-err>
</status>

When the change happens, it seems to think the MAD Syntax is CaseIgnoreString whereas the modify on the manager attribute does not even do that operation, and the syntax coming across for the myorgPersonPrimaryManager is in slash format whereas the manager is in ldap format.

The syntax for the myorgPersonPrimaryManager attribute on the eDirectory side is DN format same as manager.

Anyone encountered anything similar?


Full lvl3 trace from remote loader side is here https://paste.opensuse.org/75cdef0e