Users are not synchronised/created in Active Directory using Remote
Loader/AD Driver

Please find below the AD trace log (error output in bold) when we start the
AD Driver from iManager.

DirXML: [07/02/12 02:32:16.02]: Loader: Connected.
DirXML: [07/02/12 02:32:16.02]: Loader: Reading driver state from file
DirXML: [07/02/12 02:32:16.03]: Loader: Starting driver...
DirXML: [07/02/12 02:32:16.03]: Loader: Calling driverShim->init()
DirXML: [07/02/12 02:32:16.03]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.03]: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active
Directory Driver">
<authentication-info>
<server>192.168.100.1</server>
<user>CN=ADDriver_idm,CN=Users,DC=idm,DC=com</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-options>
<auth-options display-name="Show authentication
options">hide</auth-options>
<auth-method display-name="Authentication
Method">Negotiate</auth-method>
<signing display-name="Digitally sign communications">no</signing>
<sealing display-name="Digitally sign and seal
communications">no</sealing>
<use-ssl display-name="Use SSL for LDAP connection between Driver
Shim and AD">no</use-ssl>
<impersonation display-name="Logon and
impersonate">yes</impersonation>
<xchg-options display-name="Show Exchange Management
Options">hide</xchg-options>
<xchg-prov display-name="Enable Exchange mailbox
provisioning">disabled</xchg-prov>
<exch-api-type display-name="Exchange Management interface
type">use-exch-2010</exch-api-type>
<exch-move display-name="Allow Exchange mailbox
move">yes</exch-move>
<exch-delete display-name="Allow Exchange mailbox
delete">yes</exch-delete>
<access-options display-name="Show access
options">hide</access-options>
<pollingInterval display-name="Driver Polling
Interval">1</pollingInterval>
<pub-heartbeat-interval display-name="Publisher heartbeat
interval">1</pub-heartbeat-interval>
<pub-password-expire-time display-name="Password Sync Timeout
(minutes)">5</pub-password-expire-time>
<search-domain-scope display-name="Search domain s
DirXML: [07/02/12 02:32:16.05]: cope">yes</search-domain-scope>
<retry-ldap-auth-unknown display-name="Retry LDAP Auth unknown
error">no</retry-ldap-auth-unknown>
<enable-incremental-values display-name="Enable DirSync Incremental
Values">no</enable-incremental-values>
<advanced-options display-name="Show advanced
options">hide</advanced-options>
<enable-delete-protected-2008 display-name="Enable Deletion of
protected objects in Windows server
2008">no</enable-delete-protected-2008>
</driver-options>
</init-params>
</input>
</nds>
DirXML: [07/02/12 02:32:16.06]: ADDriver: Driver::init
DirXML: [07/02/12 02:32:16.06]: ADDriver: MadDriver:nInit()
DirXML: [07/02/12 02:32:16.06]: ADDriver: MadConnMgr::initialize
DirXML: [07/02/12 02:32:16.06]: Loader: driverShim->init() returned:
DirXML: [07/02/12 02:32:16.06]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.08]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
DirXML: [07/02/12 02:32:16.08]: Loader: Calling
subscriptionShim->init()
DirXML: [07/02/12 02:32:16.08]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.08]: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active
Directory Driver">
<authentication-info>
<server>192.168.100.1</server>
<user>CN=ADDriver_idm,CN=Users,DC=idm,DC=com</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-filter>
<allow-class class-name="Country"/>
<allow-class class-name="domain">
<allow-attr attr-name="dc"/>
<allow-attr attr-name="description"/>
<allow-attr attr-name="GUID"/>
</allow-class>
<allow-class class-name="group">
<allow-attr attr-name="description"/>
<allow-attr attr-name="displayName"/>
<allow-attr attr-name="L"/>
<allow-attr attr-name="member"/>
<allow-attr attr-name="managedBy"/>
</allow-class>
<allow-class class-name="locality"/>
<allow-class class-name="nrfRequest"/>
<allow-class class-name="nrfResourceAssociation"/>
<allow-class class-name="nrfResourceRequest"/>
<allow-class class-name="nrfRole"/>
<allow-class class-name="organization"/>
<allow-class class-name="organizationalUnit">
<allow-attr attr-name="description"/>
</allow-class>
<allow-class class-name="srvprvDirectoryModel"/>
<allow-class class-name="user">
<allow-attr attr-name="city"/>
<allow-attr attr-name="sAMAccountName"/>
<allow-attr attr-name="userPrincipalName"/>
<allow-attr attr-name="DirXML-EntitlementRef"/>
<allow-attr attr-name="DirXML-EntitlementResult"/>
<allow-attr attr-name="DirXML-PasswordSyncStatus"/>
<allow-attr attr-name="facsimileTelephoneNumber"/>
<allow-attr attr-name="displ
DirXML: [07/02/12 02:32:16.10]: ayName"/>
<allow-attr attr-name="givenName"/>
<allow-attr attr-name="initials"/>
<allow-attr attr-name="mail"/>
<allow-attr attr-name="physicalDeliveryOfficeName"/>
<allow-attr attr-name="logonHours"/>
<allow-attr attr-name="dirxml-uACAccountDisable"/>
<allow-attr attr-name="accountExpires"/>
<allow-attr attr-name="l"/>
<allow-attr attr-name="postalCode"/>
<allow-attr attr-name="postOfficeBox"/>
<allow-attr attr-name="st"/>
<allow-attr attr-name="streetAddress"/>
<allow-attr attr-name="sn"/>
<allow-attr attr-name="telephoneNumber"/>
<allow-attr attr-name="title"/>
</allow-class>
</driver-filter>
</init-params>
</input>
</nds>
DirXML: [07/02/12 02:32:16.10]: ADDriver: Subscriber::init
DirXML: [07/02/12 02:32:16.11]: Loader: subscriptionShim->init()
returned:
DirXML: [07/02/12 02:32:16.11]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.11]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
DirXML: [07/02/12 02:32:16.17]: Loader: Calling
publicationShim->init()
DirXML: [07/02/12 02:32:16.17]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.17]: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params src-dn="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active
Directory Driver">
<authentication-info>
<server>192.168.100.1</server>
<user>CN=ADDriver_idm,CN=Users,DC=idm,DC=com</user>
<password><!-- content suppressed --></password>
</authentication-info>
<driver-filter>
<allow-class class-name="Country"/>
<allow-class class-name="domain">
<allow-attr attr-name="dc"/>
<allow-attr attr-name="description"/>
<allow-attr attr-name="GUID"/>
</allow-class>
<allow-class class-name="group">
<allow-attr attr-name="description"/>
<allow-attr attr-name="displayName"/>
<allow-attr attr-name="L"/>
<allow-attr attr-name="member"/>
<allow-attr attr-name="managedBy"/>
</allow-class>
<allow-class class-name="locality"/>
<allow-class class-name="nrfRequest"/>
<allow-class class-name="nrfResourceAssociation"/>
<allow-class class-name="nrfResourceRequest"/>
<allow-class class-name="nrfRole"/>
<allow-class class-name="organization"/>
<allow-class class-name="organizationalUnit">
<allow-attr attr-name="description"/>
</allow-class>
<allow-class class-name="srvprvDirectoryModel"/>
<allow-class class-name="user">
<allow-attr attr-name="city"/>
<allow-attr attr-name="sAMAccountName"/>
<allow-attr attr-name="userPrincipalName"/>
<allow-attr attr-name="DirXML-EntitlementRef"/>
<allow-attr attr-name="DirXML-EntitlementResult"/>
<allow-attr attr-name="DirXML-PasswordSyncStatus"/>
<allow-attr attr-name="displayName"/>
<allow-attr attr-name="givenName"/>

DirXML: [07/02/12 02:32:16.19]: <allow-attr attr-name="initials"/>
<allow-attr attr-name="mail"/>
<allow-attr attr-name="physicalDeliveryOfficeName"/>
<allow-attr attr-name="logonHours"/>
<allow-attr attr-name="dirxml-uACAccountDisable"/>
<allow-attr attr-name="accountExpires"/>
<allow-attr attr-name="l"/>
<allow-attr attr-name="postalCode"/>
<allow-attr attr-name="postOfficeBox"/>
<allow-attr attr-name="st"/>
<allow-attr attr-name="streetAddress"/>
<allow-attr attr-name="sn"/>
<allow-attr attr-name="telephoneNumber"/>
<allow-attr attr-name="title"/>
</allow-class>
</driver-filter>
<publisher-state>
<cookie>INITIALIZE_COOKIE</cookie>
</publisher-state>
</init-params>
</input>
</nds>
DirXML: [07/02/12 02:32:16.19]: ADDriver: Publisher::init
DirXML: [07/02/12 02:32:16.19]: Loader: publicationShim->init()
returned:
DirXML: [07/02/12 02:32:16.21]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.21]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success">Configured publisher polling interval to
1</status>
<status level="success">Configured heartbeat interval to 1</status>
<status level="success">Configured Password Expiration Time to
5</status>
</output>
</nds>
DirXML: [07/02/12 02:32:16.21]:
DirXML Log Event -------------------
Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver
Thread = Subscriber Channel
Level = success
Message = Remote driver successfully started.
DirXML: [07/02/12 02:32:16.39]: Loader: Calling
publicationShim->start()
DirXML: [07/02/12 02:32:16.39]: Loader: Received document from
publicationShim
DirXML: [07/02/12 02:32:16.39]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.41]: <nds dtdversion="2.2">
<source>
<product version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<init-params>
<publisher-state>
<cookie>INITIALIZE_COOKIE</cookie>
</publisher-state>
</init-params>
</input>
</nds>
DirXML: [07/02/12 02:32:16.41]: Loader: Writing driver state to file
DirXML: [07/02/12 02:32:16.41]: Loader: Document consists only of
state; not sending to remote side
DirXML: [07/02/12 02:32:16.41]: Loader: Returning to publisher:
DirXML: [07/02/12 02:32:16.42]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.42]: <nds ndsversion="8.6"
dtdversion="1.0">
<output>
<status level="success"/>
</output>
</nds>
DirXML: [07/02/12 02:32:16.42]: ADDriver: rootDSE information needed.
DirXML: [07/02/12 02:32:16.42]: ADDriver: Make unauthenticated
connection to rootDSE
DirXML: [07/02/12 02:32:16.44]: Loader: Received 'subscriber execute'
document
DirXML: [07/02/12 02:32:16.46]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.46]: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query event-id="query-driver-ident" scope="entry">
<search-class class-name="__driver_identification_class__"/>
<read-attr/>
</query>
</input>
</nds>
DirXML: [07/02/12 02:32:16.47]: Loader: Calling
subscriptionShim->execute()
DirXML: [07/02/12 02:32:16.47]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.47]: <nds dtdversion="4.0"
ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query event-id="query-driver-ident" scope="entry">
<search-class class-name="__driver_identification_class__"/>
<read-attr/>
</query>
</input>
</nds>
DirXML: [07/02/12 02:32:16.47]: ADDriver: parse command

className
destDN
eventId query-driver-ident
association
DirXML: [07/02/12 02:32:16.49]: Loader: subscriptionShim->execute()
returned:
DirXML: [07/02/12 02:32:16.49]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.49]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="__driver_identification_class__"
event-id="query-driver-ident">
<attr attr-name="driver-id">
<value type="string">AD</value>
</attr>
<attr attr-name="driver-version">
<value type="string">3.5.14</value>
</attr>
<attr attr-name="min-activation-version">
<value type="string">5</value>
</attr>
<attr attr-name="query-ex-supported">
<value type="state">true</value>
</attr>
</instance>
<status level="success" event-id="query-driver-ident"/>
</output>
</nds>
DirXML: [07/02/12 02:32:16.50]:
DirXML Log Event -------------------
Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver
Thread = Subscriber Channel
Level = success
DirXML: [07/02/12 02:32:16.55]: ADDriver: unauthenticated connection to
rootDSE succeeded
DirXML: [07/02/12 02:32:16.55]: ADDriver: read rootDSE information
DirXML: [07/02/12 02:32:16.60]: ADDriver:
LDAP Session Information

LDAP version: 3
Domain DNS name:
Server DNS name: 192.168.100.1
Host reachable: 1
Using SSL: 0
Client error: (0) - Success
Server error: -
Dereference aliases: 0 - never
Referals: 1 - on
Auto-reconnect: 1
Getdsname flags: 0
Sspi flags: 4002
Keep alive: 120
Ping limit: 4
Ping wait time: 2000
DirXML: [07/02/12 02:32:16.60]: ADDriver: Supported server side LDAP
controls:
1.2.840.113556.1.4.319 - LDAP_PAGED_RESULT_OID_STRING
1.2.840.113556.1.4.801 - LDAP_SERVER_SD_FLAGS_OID
1.2.840.113556.1.4.473 - LDAP_SERVER_SORT_OID
1.2.840.113556.1.4.528 - LDAP_SERVER_NOTIFICATION_OID
1.2.840.113556.1.4.417 - LDAP_SERVER_SHOW_DELETED_OID
1.2.840.113556.1.4.619 - LDAP_SERVER_LAZY_COMMIT_OID
1.2.840.113556.1.4.841 - LDAP_SERVER_DIRSYNC_OID
1.2.840.113556.1.4.529 - LDAP_SERVER_EXTENDED_DN_OID
1.2.840.113556.1.4.805 - LDAP_SERVER_TREE_DELETE_OID
1.2.840.113556.1.4.521 - LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID
1.2.840.113556.1.4.970 -
1.2.840.113556.1.4.1338 - LDAP_SERVER_VERIFY_NAME_OID
1.2.840.113556.1.4.474 - LDAP_SERVER_RESP_SORT_OID
1.2.840.113556.1.4.1339 - LDAP_SERVER_DOMAIN_SCOPE_OID
1.2.840.113556.1.4.1340 - LDAP_SERVER_SEARCH_OPTIONS_OID
1.2.840.113556.1.4.1413 - LDAP_SERVER_PERMISSIVE_MODIFY_OID
2.16.840.1.113730.3.4.9 -
2.16.840.1.113730.3.4.10 -
1.2.840.113556.1.4.1504 -
1.2.840.113556.1.4.1852 -
1.2.840.113556.1.4.802 -
1.2.840.113556.1.4.1907 -
1.2.840.113556.1.4.1948 -
1.2.840.113556.1.4.1974 -
1.2.840.113556.1.4.1341 -
1.2.840.113556.1.4.2026 -
1.2.840.113556.1.4.2064 -
1.2.840.113556.1.4.2065 -
1.2.840.113556.1.4.2066 -
Naming contexts & RootDSE Properties:
DC=idm,DC=com
CN=Configuration,DC=idm,DC=com
CN=Schema,CN=Configuration,DC=idm,DC=com
DC=DomainDnsZones,DC=idm,DC=com
DC=ForestDnsZones,DC=idm,DC=com
default naming context: DC=idm,DC=com
schema naming context: CN=Schema,CN=Configuration,DC=idm,DC=com
configuration naming context: CN=Configuration,DC=idm,DC=com
root domain naming context: DC=idm,DC=com
forest functional level: Windows Server 2008 R2 Forest Mode
DirXML: [07/02/12 02:32:16.61]: ADDriver: Connect using ldap_bind:
user=CN=ADDriver_idm,CN=Users,DC=idm,DC=com, domain=, password=***,
method=negotiate, server=192.168.100.1, sign=no, seal=no ssl=no
DirXML: [07/02/12 02:32:16.74]: ADDriver: publisher shutdown complete
DirXML: [07/02/12 02:32:16.75]: Loader: publicationShim->start()
returned:
DirXML: [07/02/12 02:32:16.75]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.75]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver">AD</product>
<contact>Novell, Inc.</contact>
</source>
*<output>
<status level="error" type="driver-general">
<message>unable to authenticate to Active Directory</message>
<ldap-err ldap-rc="82" ldap-rc-name="LDAP_LOCAL_ERROR">
<client-err ldap-rc="-2146893052"/>
</ldap-err>
</status>
</output>*</nds>
DirXML: [07/02/12 02:32:16.77]:
DirXML Log Event -------------------
Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver
Thread = Publisher Channel
Level = error
Message = <message>unable to authenticate to Active
Directory</message>
<ldap-err ldap-rc="82" ldap-rc-name="LDAP_LOCAL_ERROR">
<client-err ldap-rc="-2146893052"/>
</ldap-err>
DirXML: [07/02/12 02:32:16.78]:
DirXML Log Event -------------------
Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver
Thread = Publisher Channel
Level = fatal
Message = Premature return from PublicationShim->start()
DirXML: [07/02/12 02:32:16.78]: Loader: Calling driverShim->shutdown()
DirXML: [07/02/12 02:32:16.78]: Loader: null document
DirXML: [07/02/12 02:32:16.78]: ADDriver: Driver::shutdown
DirXML: [07/02/12 02:32:16.80]: ADDriver: shutdown subscriber
DirXML: [07/02/12 02:32:16.80]: ADDriver: shutdown publisher
DirXML: [07/02/12 02:32:16.80]: ADDriver: Shutdown 1
DirXML: [07/02/12 02:32:16.80]: ADDriver: shutdown notification
complete
DirXML: [07/02/12 02:32:16.81]: Loader: driverShim->shutdown()
returned:
DirXML: [07/02/12 02:32:16.81]: Loader: XML Document:
DirXML: [07/02/12 02:32:16.81]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.5.14" asn1id="" build="20110211_120000"
instance="\XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="success"/>
</output>
</nds>
DirXML: [07/02/12 02:32:16.81]:
DirXML Log Event -------------------
Driver = \XXXXIDM\XXXX\IDMDriverGroup\Driver Set\Active Directory
Driver
Thread = Subscriber Channel
Level = warning
Message = Remote driver stopped
DirXML: [07/02/12 02:32:16.92]: Loader: Stopping driver
DirXML: [07/02/12 02:32:16.92]: ADDriver: Driver::destroy
DirXML: [07/02/12 02:32:16.94]: ADDriver: driver destroy delayed for
publisher exit
DirXML: [07/02/12 02:32:16.94]: Loader: Waiting for DirXML to connect
on 'TCP server socket, port 8090, address 192.168.100.81'...


--
sunway2
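
An added example, not part of the original post: a small Python helper that converts the signed `client-err` value in the trace to its Windows HRESULT form and reads the bind options from the `Connect using ldap_bind` line. The function names are hypothetical and the HRESULT names are taken from the Windows SDK header winerror.h; the helper decodes what the trace reports and does not establish the root cause.

```python
import re

# HRESULT names from the Windows SDK (winerror.h); only a few SSPI codes are listed.
SSPI_NAMES = {
    0x80090304: "SEC_E_INTERNAL_ERROR",
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",
}
FACILITY_SSPI = 9  # facility number used by SSPI/security package errors

# Lines copied from the trace in the post, with the wrapped bind line rejoined.
SAMPLE_TRACE = """\
DirXML: [07/02/12 02:32:16.61]: ADDriver: Connect using ldap_bind: user=CN=ADDriver_idm,CN=Users,DC=idm,DC=com, domain=, password=***, method=negotiate, server=192.168.100.1, sign=no, seal=no ssl=no
<ldap-err ldap-rc="82" ldap-rc-name="LDAP_LOCAL_ERROR">
<client-err ldap-rc="-2146893052"/>
</ldap-err>
"""

def decode_client_err(value):
    """Turn the signed 32-bit client-err into an HRESULT breakdown."""
    hresult = int(value) & 0xFFFFFFFF          # reinterpret as unsigned
    facility = (hresult >> 16) & 0x7FF         # bits 16-26
    return {
        "hex": f"0x{hresult:08X}",
        "failure": bool(hresult >> 31),        # severity bit
        "facility": facility,
        "sspi": facility == FACILITY_SSPI,
        "code": hresult & 0xFFFF,
        "name": SSPI_NAMES.get(hresult, "unknown"),
    }

def bind_options(trace):
    """Extract method/sign/seal/ssl from the 'Connect using ldap_bind' line."""
    line = next((l for l in trace.splitlines() if "Connect using ldap_bind" in l), "")
    return dict(re.findall(r"\b(method|sign|seal|ssl)=(\w+)", line))

def triage(trace):
    """Return decoded client errors plus a note when the bind is unprotected."""
    errors = [decode_client_err(v)
              for v in re.findall(r'<client-err ldap-rc="(-?\d+)"', trace)]
    opts = bind_options(trace)
    notes = []
    if opts and all(opts.get(k) == "no" for k in ("sign", "seal", "ssl")):
        notes.append("LDAP bind has no signing, sealing or SSL")
    return {"errors": errors, "bind": opts, "notes": notes}

if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```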