Hello Guys,

We have Vault and the AD connected system which is connected by the AD
driver.
I encountered a problem that user's AD attribute could not be updated
after I changed the user's related information in vault to trigger the
matching.
When I changed an attribute for certain accounts in Vault to trigger
the assocation with user's AD account, there was an error and the AD
account attribute "targetAddress" could not be updated,
below is the level 3 trace:

<input>
<modify class-name="user" event-id="isxlx352#20110617060054#1#1"
qualified-src-dn="O=COM\OU=People\CN=C6532977"
src-dn="\COMVAULT\COM\People\C6532977"
src-entry-id="131117">
<association>bb7964f34434734ea4c3ee37324b6ca9</association>
<modify-attr attr-name="extensionAttribute5">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute8">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute11">
<remove-all-values/>
</modify-attr>
</modify>
<modify class-name="user" event-id="isxlx352#20110617060054#1#1"
from-merge="true" qualified-src-dn="O=COM\OU=People\CN=C6532977"
src-dn="\COMVAULT\COM
\People\C6532977" src-entry-id="131117">
<association>bb7964f34434734ea4c3ee37324b6ca9</association>
<modify-attr attr-name="extensionAttribute15">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="manager">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute11">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute6">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute5">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="sn">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute2">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute1">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute14">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="accountExpires">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="title">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="employeeID">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="initials">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute8">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="mail">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute5">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="givenName">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute4">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="division">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute4">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="facsimileTelephoneNumber">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="department">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="company">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="displayName">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute6">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute8">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="dirxml-uACAccountDisable">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute3">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="extensionAttribute15">
<add-value>
<value timestamp="1282076764#9" type="string">SLO</value>
</add-value>
</modify-attr>
<modify-attr attr-name="manager">
<add-value>
<value association-ref="753a2a78a505a047bc0f846983e8d686"
timestamp="1282076764#8"
type="dn">\COMVAULT\COM\People\40022602</value>
</add-value>
</modify-attr>
<modify-attr attr-name="extensionAttribute11">
<add-value>
<value>HASMBX</value>
</add-value>
</modify-attr>
<modify-attr attr-name="extensionAttribute6">
<add-value>
<value>OCSPIC</value>
</add-value>
</modify-attr>
<modify-attr attr-name="sn">
<add-value>
<value timestamp="1282076764#4"
type="string">Guthrie-Brown</value>
</add-value>
</modify-attr>
<modify-attr attr-name="department">
<add-value>
<value timestamp="1282076764#19"
type="string">P&amp;O</value>
</add-value>
</modify-attr>
<modify-attr attr-name="extensionAttribute14">
<add-value>
<value timestamp="1282076764#15" type="string">C</value>
</add-value>
</modify-attr>
<modify-attr attr-name="accountExpires">
<add-value>
<value type="octet">130224543000000000</value>
</add-value>
</modify-attr>
<modify-attr attr-name="proxyAddresses">
<add-value>
<value timestamp="1298153009#4"
type="string">SMTP:stuart.guthrie.brown@COM.COM</value>
</add-value>
</modify-attr>
<modify-attr attr-name="company">
<add-value>
<value timestamp="1282076764#18" type="string">COM
Corporate</value>
</add-value>
</modify-attr>
<modify-attr attr-name="displayName">
<add-value>
<value type="string">Guthrie-Brown, Stuart</value>
</add-value>
</modify-attr>
<modify-attr attr-name="employeeID">
<add-value>
<value timestamp="1282076764#6"
type="string">C6532977</value>
</add-value>
</modify-attr>
<modify-attr attr-name="extensionAttribute8">
<add-value>
<value>REG=NA;MBX=ST</value>
</add-value>
</modify-attr>
<modify-attr attr-name="mail">
<add-value>
<value timestamp="1285980318#8"
type="string">stuart.guthrie.brown@COM.COM</value>
</add-value>
</modify-attr>
<modify-attr attr-name="extensionAttribute5">
<add-value>
<value>OCS</value>
</add-value>
</modify-attr>
<modify-attr attr-name="targetAddress">
<add-value>
<value timestamp="1298153009#8"
type="string">SMTP:stuart.guthrie.brown@COM.COM</value>
</add-value>
</modify-attr>
<modify-attr attr-name="COMCustomAttribute3">
<add-value>
<value timestamp="1282076764#5" type="string">Masterfoods
Slough England</value>
</add-value>
</modify-attr>
<modify-attr attr-name="givenName">
<add-value>
<value timestamp="1287587705#7" type="string">Stuart</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
[06/17/11 02:00:56.854]:ADCOM ST:Remote Interface Driver: Document
sent.
[06/17/11 02:00:56.971]:ADCOM :Remote Interface Driver: Received.
[06/17/11 02:00:56.971]:ADCOM :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20100203_120000"
instance="\COMVAULT\COM\services\COMDriversNew\AD-COM"
version="3.5.8">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="isxlx352#20110617060054#1#1" level="success"/>
<status event-id="isxlx352#20110617060054#1#1" level="error"
type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
Perform</client-err>
<server-err>0000200D: SvcErr: DSID-031A120C, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="8205"/>
</ldap-err>

We have configured the "TargetAddress" and "ProxyAddress" as
Synchronize in both Publish and Subscribe channel, but from the trace, I
saw that the AD driver will not remove the TargetAddress from user's AD
account before it tried to add the value, so the TargetAddress could not
be update in AD and caused an error.
Any thoughts about this issue? Please kindly advice if my investigation
is wrong, your help will be much appreciated. Thanks in advance.


--
shisam
------------------------------------------------------------------------
shisam's Profile: http://forums.novell.com/member.php?userid=110115
View this thread: http://forums.novell.com/showthread.php?t=440569