Hi,
I am getting an error when adding a user, I think it is happening when
I add a user to a default group. This is a portion of the trace:

<input>
<add class-name="user"
dest-dn="CN=PATKINS,OU=Users,OU=Liverpool_SPS,OU=Hill_D ickinson,DC=Hilldickinson,DC=local"
event-id="HR-WebSelect#Publisher#2163624"
qualified-src-dn="O=HD\OU=users\CN=PATKINS"
src-dn="\IDM\HD\users\PATKINS" src-entry-id="36306">
<add-attr attr-name="displayName">
<value timestamp="1297079115#21" type="string">Philip
Atkinson</value>
</add-attr>
<add-attr attr-name="givenName">
<value timestamp="1297079115#10" type="string">Philip</value>
</add-attr>
<add-attr attr-name="physicalDeliveryOfficeName">
<value timestamp="1297079115#8" type="string">Liverpool - No. 1
St. Paul's Square</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1297079115#4" type="string">Atkinson</value>
</add-attr>
<add-attr attr-name="userPrincipalName">
<value>PATKINS@hilldickinson.local</value>
</add-attr>
<add-attr attr-name="sAMAccountName">
<value>PATKINS</value>
</add-attr>
<add-attr attr-name="dirxml-uACAccountDisable">
<value type="string">false</value>
</add-attr>
<add-attr attr-name="title">
<value type="string"/>
</add-attr>
<password><!-- content suppressed --></password>
</add>
<modify class-name="group" dest-dn="CN=DMS
Users,OU=Groups,OU=CS,DC=Hilldickinson,DC=local"
event-id="HR-WebSelect#Publisher#2163624">
<modify-attr attr-name="member">
<add-value>
<value
type="dn">CN=PATKINS,OU=Users,OU=Liverpool_SPS,OU= Hill_Dickinson,DC=Hilldickinson,DC=local</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[02/07/11 11:45:17.789]P ST:Remote Interface Driver: Document sent.
[02/07/11 11:45:17.824]P :Remote Interface Driver: Received.
[02/07/11 11:45:17.825]P :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20100203_120000"
instance="\IDM\HD\IDM_DS\ActiveDirectory" version="3.5.8">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="HR-WebSelect#Publisher#2163624" level="error"
type="driver-general">
<ldap-err ldap-rc="21" ldap-rc-name="LDAP_INVALID_SYNTAX">
<client-err ldap-rc="21"
ldap-rc-name="LDAP_INVALID_SYNTAX">Invalid Syntax</client-err>
<server-err>00000057: LdapErr: DSID-0C090C30, comment: Error in
attribute conversion operation, data 0, v1db0</server-err>
<server-err-ex win32-rc="87"/>
</ldap-err>
</status>
<status event-id="HR-WebSelect#Publisher#2163624" level="warning"
type="driver-general">
<ldap-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">
<client-err ldap-rc="32" ldap-rc-name="LDAP_NO_SUCH_OBJECT">No
Such Object</client-err>
<server-err>00000525: NameErr: DSID-031A11CC, problem 2001
(NO_OBJECT), data 0, best match of:
''
</server-err>
<server-err-ex win32-rc="1317"/>
</ldap-err>
</status>
</output>
</nds>

This is the ploicy I am using, I found this example and appeared to
work:

<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>HD add users to default group</description>
<comment name="author" xml:space="preserve">D Parry</comment>
<comment name="lastchanged" xml:space="preserve">8 June
2010</comment>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-operation op="equal">add</if-operation>
</and>
</conditions>
<actions>
<do-add-dest-attr-value class-name="Group" name="Member"
when="after">
<arg-dn>
<token-text xml:space="preserve">CN=DMS
Users,OU=Groups,OU=CS,DC=Hilldickinson,DC=local</token-text>
</arg-dn>
<arg-value type="dn">
<token-xpath expression="@dest-dn"/>
</arg-value>
</do-add-dest-attr-value>
</actions>
</rule>
</policy>

I think this is the cause of the error and yet appears to be actually
working.
Anyone spot anything obvious?
All help appreciated.


--
dave_parry
------------------------------------------------------------------------
dave_parry's Profile: http://forums.novell.com/member.php?userid=99917
View this thread: http://forums.novell.com/showthread.php?t=431874