I've been seeing issues on Merges of user accounts and have traced the
root cause to the AD Driver LDAP command failing when the document tries
to sync an IDV User (merge) that has a multi-valued Description field.

In short, when the Merge document contains:

<modify-attr attr-name="description">
<add-value>
<value timestamp=....... type="string">value1</value>
<value timestamp=....... type="string">value2</value>
</add-value>

it produces an error
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">

I've tested several scenarios and it's nothing else but the multi-valued
description that causes the error.

I saw a Novell Bug #133631 and have since updated my AD Driver to 3.5.8
Patch 3. This only fixed the issue on an ADD, not a merge.

P.S.: On a regular modify, if you add a 2nd value to the e-Dir User,
the AD Driver's behaviour will overwrite the existing AD User
description instead of appending.

I know I can fix this with Policies in the AD Driver SubCT but is there
a known Novell fix for this?


--
pplante