Glenn wrote: >I wasn't thinking when I said the directory server data was imported from >NT. It actually came from a Netscape Directory server. Just as a test, I >exported a few users to an ldif file and tried to use the ldifde on the W2003 >domain controller to import them. It seems to find a syntax error on every >line in the file, making it impossible to narrow it down. > >I can't possibly be the only person who has run into this problem. Hoping >someone can shed some light. Thanks. -Glenn. > > We ran into this problem while developing the code. Unfortunately AD is brain-damaged with it comes to diagnosing why it objected to a particular operation. There seems to be no way to get it to log some decent diagnostic information, and it does not provide an adequate error message over the wire. In debugging these problems I first added the code that you have seen that dumps out the complete entry to the log. Then I pasted the entry into an ldapmodify command to reproduce the problem outside the server. Finally I edited the LDIF to trim off likely looking attributes until AD quit complaining. At that point I knew which one it was barfing over. I would begin by removing all the NT domain related attributes from a test entry and see if it adds ok. Then add them back one by one to see which is causing the problem.
