Re: Windows Sync Error

[Richard Megginson <rmeggins@xxxxxxxxxx>]

Glenn wrote:
> I wasn't thinking when I said the directory server data was imported from 
> NT.  It actually came from a Netscape Directory server.  Just as a test, I 
> exported a few users to an ldif file and tried to use the ldifde on the W2003 
> domain controller to import them.  It seems to find a syntax error on every 
> line in the file, making it impossible to narrow it down.
>   
Do you have any trailing white space in those values?
> I can't possibly be the only person who has run into this problem.  Hoping 
> someone can shed some light.  Thanks.   -Glenn.
>
>
> ---------- Original Message -----------
> From: Richard Megginson <rmeggins@xxxxxxxxxx>
> To: "General discussion list for the Fedora Directory server project." 
> <fedora-directory-users@xxxxxxxxxx>
> Sent: Tue, 28 Nov 2006 10:46:52 -0700
> Subject: Re:  Windows Sync Error
>
>   
> > Glenn wrote:
> >     
> > > Posting the log entries near the error, including what appears to be the 
> > > ldif.  Thanks.   -G.
> > >
> > > [28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote 
> > >       
> entry:
>   
> > >  dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
> > > objectClass: top
> > > objectClass: person
> > > objectClass: organizationalperson
> > > objectClass: user
> > > userprincipalname: jdoe@xxxxxxxxxxxxxx
> > > samaccountname: jdoe
> > > mail: jdoe@xxxxxxxxxxx
> > > userparameters:
> > > description: Reference Librarian
> > > sn: Doe
> > > telephoneNumber: 817-555-1234
> > > codepage:: AAAAAA==
> > > cn: John Doe
> > > userworkstations:
> > > title: Electronic Reference Librarian
> > > homeDirectory:
> > > profilepath:
> > > givenName: John
> > > facsimileTelephoneNumber: 817-555-2345
> > > scriptpath: nt_script.bat
> > >
> > > [28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John 
> > >       
> Doe,ou=Domain 
>   
> > > Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people, 
> > > o=ourorg.org
> > > [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
> > > (boccherini:636): Received result code 21 (00000057: LdapErr: DSID-
> > >       
> 0C090B38, 
>   
> > > comment: Error in attribute conversion operation, data 0, vece) for add 
> > > operation 
> > > [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
> > > (boccherini:636): windows_replay_update: Cannot replay add operation.
> > >   
> > >       
> > It's hard to tell without knowing which attribute is complaining 
> > about.  But I would guess that, since this data has been migrated 
> > from NT4, some of the attributes have changed syntax, and MS AD does 
> > not like the old values, or perhaps doesn't like the empty values.
> >     
> > > ---------- Original Message -----------
> > > From: Richard Megginson <rmeggins@xxxxxxxxxx>
> > > To: "General discussion list for the Fedora Directory server project." 
> > > <fedora-directory-users@xxxxxxxxxx>
> > > Sent: Tue, 28 Nov 2006 10:09:32 -0700
> > > Subject: Re:  Windows Sync Error
> > >
> > >   
> > >       
> > > > Glenn wrote:
> > > >     
> > > >         
> > > > > I'm still trying to get my evaluation copy of Red Hat Directory Server 
> > > > > 7.1SP3 to sync with Windows Active Directory.  The latest hitch is an 
> > > > >       
> > > > >           
> > > error 
> > >   
> > >       
> > > > > message following an initial re-synchronization attempt.  The Directory 
> > > > > Server has a few hundred users imported from a Windows NT domain.  The 
> > > > > Active Directory server has none of those users, so the initial re-sync 
> > > > > should add them to AD.  The error occurs when Windows Sync tries to add 
> > > > >       
> > > > >           
> > > the 
> > >   
> > >       
> > > > > first user entry to the Active Directory.  The message is:
> > > > >
> > > > > Attempting to add entry cn=John Doe,ou=Domain 
> > > > >       
> > > > >           
> > > Users,dc=ad,dc=example,dc=com 
> > >   
> > >       
> > > > > to AD for local entry uid=jdoe,ou=people,o=ourorg.com
> > > > >
> > > > > Followed by:
> > > > >
> > > > > (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-
> > > > >       
> > > > >           
> > > 0C090B38, 
> > >   
> > >       
> > > > > comment: Error in attribute conversion operation, data 0, vece) for add 
> > > > > operation
> > > > >   
> > > > >       
> > > > >           
> > > > Error 21 is
> > > > #define LDAP_INVALID_SYNTAX             0x15    /* 21 */
> > > >
> > > > So AD thinks one of the attributes sent over has an invalid value 
> > > > that doesn't correspond to the syntax it is expecting, or something 
> > > > like that. It might be helpful if you post the LDIF of the entry it 
> > > > has problems with, being careful to obscure any private data.
> > > >     
> > > >         
> > > > > I would appreciate any insight.  Hoping to see if this actually works 
> > > > >       
> > > > >           
> > > before 
> > >   
> > >       
> > > > > the 30-day evaluation runs out.  Thanks.   -Glenn.
> > > > >
> > > > >  
> > > > >           
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users