Problems getting started with IDM 2.0.1
Primarily, I am getting the following error on the remote loader side in AD:
<output>
<status level="retry" type="driver-general" event-id="0">
<message>unable to connect to Active Directory</message>
<ldap-err ldap-rc="81" ldap-rc-name="LDAP_SERVER_DOWN"/>
</status>
</output>


I am trying to get an IDVAULT test environment up and running. Our goal is
to sync our eDirectory user accounts to Active Directory, using a dedicated
IDVAULT eDir tree. I have the eDir tree populated with users in a flat
structure. AD will be a bit Hierarchical, with sub containers. I have
seen the TIDs and Cool Solution articles on the problem I am experiencing.
I can ping by name the eDirectory server running the Driver shim as well
as ping by name the AD domain and host server. My remote loader looks
config looks like this:
--------
-description "AD"
-commandport 8000
-connection "port=8090 address='192.168.178.224'
rootfile='C:\cert\localED\IDV-CERT.b64'"
-trace 3
-tracefile "C:\Novell\RemoteLoader\AD-Trace.log"
-tracefilemax 0M
-module "C:\Novell\RemoteLoader\ADDriver.dll"

----------

My driver config on the eDirectory server looks like this:


Driver: Active Directory.DirXMLDriverSet.Dirxml.Services.IDVAULT
Driver name: Remote Driver
Driver module: com.novell.nds.dirxml.remote.driver.DriverShimImpl
Driver Set running on eDirectory: WIDV-TST.IDVAULT
Driver ID: AD
Driver version: 3.0.1

I have tried simple and negotiate with and without SSL. Also tried signing
and sealing to bypass SSL but still have credentials encrypted on the wire.
The AD Domain server is a Domain Controller running Windows Server 2003
Standard Edition. The eDirectory server is Netware 6.5.4a running iManager
2.5. I did upgrade the ADDriver.dll to idm20xadir6. This did not have any
positive effect either.

If I remove the SSL setting from the Driver and Remote loader I am able to
get accounts to push across from eDirectory to the Active Directory Domain
but they come across disabled because the password cannot be set.

Any insight would be greatly appreciated.

Thanks,

Bill Conlee


b co n l ee at k u m c edyou