We have a need to sync the invalid login attempts between environments.
I do not have problems on eDir-to-eDir sync, but unable to get the
value between eDir-to-AD.
I have schema mapped of eDir - "loginIntruderAttempts" to AD -
"badPwdCount". I received the <ldap-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM"> error when trying to sync the
invalog login count.

How to correct this?

Thanks,
Chit W.

Below is the trace on the AD side.
DirXML: [10/15/09 09:24:22.79]: ADDriver: object changes complete
DirXML: [10/15/09 09:25:08.38]: Loader: Received 'subscriber execute'
document
DirXML: [10/15/09 09:25:08.38]: Loader: XML Document:
DirXML: [10/15/09 09:25:08.38]: <nds dtdversion="3.5"
ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20091015132508.075Z" class-name="user"
event-id="ncc046#20091015132508#2#1"
qualified-src-dn="O=VAULT\OU=ACCOUNTS\OU=INTERNAL\CN=aaa a bbbb -
da62bbb9-fcc7-4067-9d7c-00e540e12031"
src-dn="\NCID7X_METAD\VAULT\ACCOUNTS\INTERNAL\aaa a bbbb -
da62bbb9-fcc7-4067-9d7c-00e540e12031" src-entry-id="33407"
timestamp="1255613108#1">
<association
state="associated">b6f664353817614095351ea6acd19e8 8</association>
<modify-attr attr-name="badPwdCount">
<remove-all-values/>
<add-value>
<value type="counter">1</value>
</add-value>
</modify-attr>
<modify-attr attr-name="dirxml-uACAccountDisable">
<remove-all-values/>
<add-value>
<value type="string">FALSE</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [10/15/09 09:25:08.38]: Loader: Calling
subscriptionShim->execute()
DirXML: [10/15/09 09:25:08.38]: Loader: XML Document:
DirXML: [10/15/09 09:25:08.38]: <nds dtdversion="3.5"
ndsversion="8.x">
<source>
<product version="3.6.10.4747">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20091015132508.075Z" class-name="user"
event-id="ncc046#20091015132508#2#1"
qualified-src-dn="O=VAULT\OU=ACCOUNTS\OU=INTERNAL\CN=aaa a bbbb -
da62bbb9-fcc7-4067-9d7c-00e540e12031"
src-dn="\NCID7X_METAD\VAULT\ACCOUNTS\INTERNAL\aaa a bbbb -
da62bbb9-fcc7-4067-9d7c-00e540e12031" src-entry-id="33407"
timestamp="1255613108#1">
<association
state="associated">b6f664353817614095351ea6acd19e8 8</association>
<modify-attr attr-name="badPwdCount">
<remove-all-values/>
<add-value>
<value type="counter">1</value>
</add-value>
</modify-attr>
<modify-attr attr-name="dirxml-uACAccountDisable">
<remove-all-values/>
<add-value>
<value type="string">FALSE</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
DirXML: [10/15/09 09:25:08.38]: ADDriver: parse command

className user
destDN
eventId ncc046#20091015132508#2#1
association b6f664353817614095351ea6acd19e88
DirXML: [10/15/09 09:25:08.38]: ADDriver: parse modify class = user
DirXML: [10/15/09 09:25:08.38]: ADDriver: association
DirXML: [10/15/09 09:25:08.38]: ADDriver:
b6f664353817614095351ea6acd19e88
DirXML: [10/15/09 09:25:08.38]: ADDriver: modify-attr
DirXML: [10/15/09 09:25:08.38]: ADDriver: remove-all-values
DirXML: [10/15/09 09:25:08.38]: ADDriver: add-value
DirXML: [10/15/09 09:25:08.38]: ADDriver: value
DirXML: [10/15/09 09:25:08.38]: ADDriver: 1
DirXML: [10/15/09 09:25:08.38]: ADDriver: modify-attr
DirXML: [10/15/09 09:25:08.38]: ADDriver: remove-all-values
DirXML: [10/15/09 09:25:08.38]: ADDriver: add-value
DirXML: [10/15/09 09:25:08.38]: ADDriver: value
DirXML: [10/15/09 09:25:08.38]: ADDriver: FALSE
DirXML: [10/15/09 09:25:08.38]: ADDriver: ldap_modify user CN=aaa a
bbbb -
da62bbb9-fcc7-4067-9d7c-00e540e12031,OU=accounts,DC=ITST,DC=PRIVT
LDAPMod operations:
delete attribute badPwdCount
add attribute badPwdCount
>> 1

replace attribute userAccountControl
>> 512

DirXML: [10/15/09 09:25:08.38]: Loader: subscriptionShim->execute()
returned:
DirXML: [10/15/09 09:25:08.38]: Loader: XML Document:
DirXML: [10/15/09 09:25:08.38]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.3" asn1id="" build="20080229_143300"
instance="\NCID7X_METAD\state\DriverSet\EDM">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="error" type="driver-general"
event-id="ncc046#20091015132508#2#1">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
Perform</client-err>
<server-err>0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8346"/>
</ldap-err>
</status>
</output>
</nds>
DirXML: [10/15/09 09:25:08.38]:
DirXML Log Event -------------------
Driver = \NCID7X_METAD\state\DriverSet\EDM
Thread = Subscriber Channel
Object = \NCID7X_METAD\VAULT\ACCOUNTS\INTERNAL\aaa a bbbb -
da62bbb9-fcc7-4067-9d7c-00e540e12031
Level = error
Message = <ldap-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
Perform</client-err>
<server-err>0000209A: SvcErr: DSID-031A0DD5, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8346"/>
</ldap-err>
DirXML: [10/15/09 09:25:22.77]: ADDriver: get object changes - 0x0000
DirXML: [10/15/09 09:25:22.77]: ADDriver: object changes complete


--
cwisuths
------------------------------------------------------------------------
cwisuths's Profile: http://forums.novell.com/member.php?userid=20050
View this thread: http://forums.novell.com/showthread.php?t=389489