Glenn wrote:
Posting the log entries near the error, including what appears to be the ldif. Thanks. -G.It's hard to tell without knowing which attribute is complaining about. But I would guess that, since this data has been migrated from NT4, some of the attributes have changed syntax, and MS AD does not like the old values, or perhaps doesn't like the empty values.[28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote entry: dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com objectClass: top objectClass: person objectClass: organizationalperson objectClass: user userprincipalname: jdoe@xxxxxxxxxxxxxx samaccountname: jdoe mail: jdoe@xxxxxxxxxxx userparameters: description: Reference Librarian sn: Doe telephoneNumber: 817-555-1234 codepage:: AAAAAA== cn: John Doe userworkstations: title: Electronic Reference Librarian homeDirectory: profilepath: givenName: John facsimileTelephoneNumber: 817-555-2345 scriptpath: nt_script.bat[28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people, o=ourorg.org [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" (boccherini:636): Received result code 21 (00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece) for add operation [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" (boccherini:636): windows_replay_update: Cannot replay add operation.
---------- Original Message ----------- From: Richard Megginson <rmeggins@xxxxxxxxxx>To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@xxxxxxxxxx>Sent: Tue, 28 Nov 2006 10:09:32 -0700 Subject: Re: Windows Sync ErrorerrorGlenn wrote:I'm still trying to get my evaluation copy of Red Hat Directory Server 7.1SP3 to sync with Windows Active Directory. The latest hitch is anthemessage following an initial re-synchronization attempt. The Directory Server has a few hundred users imported from a Windows NT domain. The Active Directory server has none of those users, so the initial re-sync should add them to AD. The error occurs when Windows Sync tries to addUsers,dc=ad,dc=example,dc=comfirst user entry to the Active Directory. The message is:Attempting to add entry cn=John Doe,ou=Domain0C090B38,to AD for local entry uid=jdoe,ou=people,o=ourorg.com Followed by: (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-beforecomment: Error in attribute conversion operation, data 0, vece) for add operationError 21 is #define LDAP_INVALID_SYNTAX 0x15 /* 21 */So AD thinks one of the attributes sent over has an invalid value that doesn't correspond to the syntax it is expecting, or something like that. It might be helpful if you post the LDIF of the entry it has problems with, being careful to obscure any private data.I would appreciate any insight. Hoping to see if this actually worksthe 30-day evaluation runs out. Thanks. -Glenn.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
