I wasn't thinking when I said the directory server data was imported from NT. It actually came from a Netscape Directory server. Just as a test, I exported a few users to an ldif file and tried to use the ldifde on the W2003 domain controller to import them. It seems to find a syntax error on every line in the file, making it impossible to narrow it down. I can't possibly be the only person who has run into this problem. Hoping someone can shed some light. Thanks. -Glenn. ---------- Original Message ----------- From: Richard Megginson <rmeggins@xxxxxxxxxx> To: "General discussion list for the Fedora Directory server project." <fedora-directory-users@xxxxxxxxxx> Sent: Tue, 28 Nov 2006 10:46:52 -0700 Subject: Re: Windows Sync Error > Glenn wrote: > > Posting the log entries near the error, including what appears to be the > > ldif. Thanks. -G. > > > > [28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote entry: > > dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com > > objectClass: top > > objectClass: person > > objectClass: organizationalperson > > objectClass: user > > userprincipalname: jdoe@xxxxxxxxxxxxxx > > samaccountname: jdoe > > mail: jdoe@xxxxxxxxxxx > > userparameters: > > description: Reference Librarian > > sn: Doe > > telephoneNumber: 817-555-1234 > > codepage:: AAAAAA== > > cn: John Doe > > userworkstations: > > title: Electronic Reference Librarian > > homeDirectory: > > profilepath: > > givenName: John > > facsimileTelephoneNumber: 817-555-2345 > > scriptpath: nt_script.bat > > > > [28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John Doe,ou=Domain > > Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people, > > o=ourorg.org > > [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" > > (boccherini:636): Received result code 21 (00000057: LdapErr: DSID- 0C090B38, > > comment: Error in attribute conversion operation, data 0, vece) for add > > operation > > [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" > > (boccherini:636): windows_replay_update: Cannot replay add operation. > > > It's hard to tell without knowing which attribute is complaining > about. But I would guess that, since this data has been migrated > from NT4, some of the attributes have changed syntax, and MS AD does > not like the old values, or perhaps doesn't like the empty values. > > > > > > ---------- Original Message ----------- > > From: Richard Megginson <rmeggins@xxxxxxxxxx> > > To: "General discussion list for the Fedora Directory server project." > > <fedora-directory-users@xxxxxxxxxx> > > Sent: Tue, 28 Nov 2006 10:09:32 -0700 > > Subject: Re: Windows Sync Error > > > > > >> Glenn wrote: > >> > >>> I'm still trying to get my evaluation copy of Red Hat Directory Server > >>> 7.1SP3 to sync with Windows Active Directory. The latest hitch is an > >>> > > error > > > >>> message following an initial re-synchronization attempt. The Directory > >>> Server has a few hundred users imported from a Windows NT domain. The > >>> Active Directory server has none of those users, so the initial re-sync > >>> should add them to AD. The error occurs when Windows Sync tries to add > >>> > > the > > > >>> first user entry to the Active Directory. The message is: > >>> > >>> Attempting to add entry cn=John Doe,ou=Domain > >>> > > Users,dc=ad,dc=example,dc=com > > > >>> to AD for local entry uid=jdoe,ou=people,o=ourorg.com > >>> > >>> Followed by: > >>> > >>> (ADserver:636): Received result code 21 (00000057: LdapErr: DSID- > >>> > > 0C090B38, > > > >>> comment: Error in attribute conversion operation, data 0, vece) for add > >>> operation > >>> > >>> > >> Error 21 is > >> #define LDAP_INVALID_SYNTAX 0x15 /* 21 */ > >> > >> So AD thinks one of the attributes sent over has an invalid value > >> that doesn't correspond to the syntax it is expecting, or something > >> like that. It might be helpful if you post the LDIF of the entry it > >> has problems with, being careful to obscure any private data. > >> > >>> I would appreciate any insight. Hoping to see if this actually works > >>> > > before > > > >>> the 30-day evaluation runs out. Thanks. -Glenn. > >>> > >>> -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
