I'm trying to assign a group to a role via IdM police (add role). This is IdM 4.5.6. I'm getting a DAL Communication error when my policy triggers. So I enabled debug logging and I see this in the UserApp catalina.out:

Code:
2017-10-09 15:25:13,413 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM] VDA.getEntity: cn=20171009152513-4dc91b6ea4e84b5890140502644253c6-0,cn=Requests,cn=RoleConfi
g,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataModel- [RBPM] VDM.getEntityDefinition(String, Locale):sys-nrf-request
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualEntityAttribute- [RBPM] VDM. Inbound attribute: Category converted from:class java.lang.Integer to: String
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualEntityAttribute- [RBPM] VDM. Inbound attribute: Requester converted from:class javax.naming.ldap.LdapName to: S
tring
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualEntityAttribute- [RBPM] VDM. Inbound attribute: Immediate converted from:class java.lang.Boolean to: String
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM] VDA.createEntity: cn=20171009152513-4dc91b6ea4e84b5890140502644253c6-0,cn=Requests,cn=RoleCo
nfig,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM] VDA. Time attribute is being converted to LDAP time format: StartDate
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM] VDA. Time attribute is being converted to LDAP time format: RequestDate
2017-10-09 15:25:13,471 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM] VDA.createEntity Attributes and values
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfStatus
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      0
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfCorrelationId
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      Mon Oct 09 15:25:12 EDT 2017
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfDescription
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      Assigning D2600 to Role
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: objectClass
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      nrfRequest
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfRequester
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      cn=idm_bld_uaadmin,ou=sa,o=data
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfRequestDate
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      20171009192513Z
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfTargetDN
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      cn=D2600,ou=groups,o=data
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfSourceDN
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      cn=D2600,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=driver
set1,o=system
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfStartDate
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      20171009192513Z
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: cn
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      20171009152513-4dc91b6ea4e84b5890140502644253c6-0
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfCategory
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      10
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]   Attribute ID: nrfImmediate
2017-10-09 15:25:13,472 [http-bio-443-exec-17] DEBUG com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM]      true
2017-10-09 15:25:13,476 [http-bio-443-exec-17] ERROR com.novell.srvprv.impl.vdata.model.VirtualDataAccess- [RBPM] Ldap error creating object: cn=20171009152513-4dc91b6ea4e84b5890140502644253c6-0,cn=Requests
,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system. Error: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]; remaining nam
e 'cn=20171009152513-4dc91b6ea4e84b5890140502644253c6-0,cn=Requests,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system'
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - NDS error: syntax violation (-613)]; remaining name 'cn=20171009152513-4dc91b6ea4e84b5890140502644253c6-0,cn=Requests,cn=RoleCon
fig,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system'

But I cannot tell what is wrong, all the attributes look right. I even created an LDIF of the same attributes and it added fine into eDir:

Code:
dn: cn=20171009152513-4dc91b6ea4e84b5890140502644253c6-0,cn=Requests,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system
changetype: add
nrfStatus: 0
nrfCorrelationId: Mon Oct 09 15:25:12 EDT 2017
nrfDescription: Arssigning D2600 to Role
objectClass: nrfRequest
nrfRequester: cn=idm_bld_uaadmin,ou=sa,o=data
nrfRequestDate: 20171009192513Z
nrfTargetDN: cn=D2600,ou=groups,o=data
nrfSourceDN: cn=D2600,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=driverset1,o=system
nrfStartDate: 20171009192513Z
cn: 20171009152513-4dc91b6ea4e84b5890140502644253c6-0
nrfCategory: 10
nrfImmediate: true
I added that using ldapmodify with no problem.

Any idea what the heck I'm missing here? Thanks!

Matt