I've setup a workflow which modifies the Entitlement for a User. When
running through the workflow it hits an error:

13:05:07,783 ERROR [VirtualDataAccess] Ldap error updating object:
cn=IDV0000001,ou=people,o=vault. Error:
javax.naming.directory.InvalidAttributeValueExcept ion: [LDAP: error code
19 - NDS error: syntax violation (-613)]; remaining name
'cn=IDV0000001,ou=people,o=vault'
javax.naming.directory.InvalidAttributeValueExcept ion: [LDAP: error
code 19 - NDS error: syntax violation (-613)]; remaining name
'cn=IDV0000001,ou=people,o=vault'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.jav a:3084)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCt x.java:3017)
...

When I run a trace on the LDAP Server I see the following:

12:59:17 A1DD7BA0 LDAP: modifications:
12:59:17 A1DD7BA0 LDAP: replace: DirXML-EntitlementRef
12:59:17 A1DD7BA0 LDAP: replace: objectClass
12:59:17 A1DD7BA0 LDAP: DDCModifyEntry failed, err = syntax violation
(-613)
12:59:17 A1DD7BA0 LDAP: Sending operation result 19:"":"NDS error:
syntax violation (-613)" to connection 0x14d86280

So it appears that the workflow process is trying to do two things:
1) Replace the entire value for "DirXML-EntitlementRef" which is where
the current entitlements are held, I imagine.
2) Replace the entire value for "objectClass".

Both of these are multi-valued, so I have the following questions:

1) Why is it trying to "replace" instead of just "add"?
2) How can I change this behaviour so that it just adds to the
entitlement as I expect it to. eDirectory will handle the objectClass on
its own so the workflow should leave it alone (or add to it)!

Note: the current user has no entitlements at all, so I imagine that
the violation is due to the attempt at replacing the whole "objectClass"
attribute.


--
preycor
------------------------------------------------------------------------
preycor's Profile: http://forums.novell.com/member.php?userid=7822
View this thread: http://forums.novell.com/showthread.php?t=389060