Father

Actually, when I check the L3 trace, I see that there is a NO MATCH FOUND
message when I edit AD003, even tho that object exists in AD and has the
correct sAMAccountName.

I can't see why, from the code and manuals, why this matchind rule doesn't
work!


"Nelson" <weedkiller2004@hotmail.com> wrote in message
news:yks1g.2889$sd1.2774@prv-forum2.provo.novell.com...
> Thanks Father! I tried that.... and the driver still does not seem to
> match correctly:
>
> ie if I edit user AD003-2, which has the same given name, surname and
> fullname as user AD003, I need AD003 to fail the matching rule and to
> create the AD003-2 user in AD.
>
> What seems to be happening is that the driver seems to want to create AD
> 003 and not AD003-2, as shown below.
>
> DirXML Log Event -------------------
> Driver = \BLACK-TREE\UK\Salford\Servers\Driver_Set\IDMADDriverTest s
> Thread = Subscriber Channel
> Object = \BLACK-TREE\IDMADDriverTest\AD003-2 (CN=AD
> 003,ou=IDMADDriverTest,dc=imanami,dc=local)
> Level = error
> Message = <ldap-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">
> <client-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS">Already
> Exists</client-err>
> <server-err>00002071: UpdErr: DSID-030502F7, problem 6005 (ENTRY_EXISTS),
> data 0
> </server-err>
> <server-err-ex win32-rc="8305"/>
> </ldap-err>
>
> I can't help get the feeling that I'm being stupid here and missing
> something really obvious
>
>
> "Father Ramon" <devforums@novell.com> wrote in message
> news:xKr1g.2841$sd1.59@prv-forum2.provo.novell.com...
>> Try:
>>
>> <do-find-matching-object scope="subordinates">
>> <arg-dn>
>> <token-text>ou=IDMADDriverTest,dc=domain,dc=local</token-text>
>> </arg-dn>
>> <arg-match-attr name="sAMAccountName">
>> <arg-value>
>> <token-src-name/>
>> </arg-value>
>> </arg-match-attr>
>> </do-find-matching-object>
>>
>> --
>>
>> Father Ramon
>>
>>
>> Nelson wrote:
>>>
>>>
>>> I am struggling with the syntax to create a match on sAMAccountName. We
>>> have edited the matching rule as follows:
>>>
>>> <description>Match Existing Users</description>
>>> <conditions>
>>> <and>
>>> <if-operation op="equal">add</if-operation>
>>> </and>
>>> </conditions>
>>> <actions>
>>> <do-find-matching-object scope="subordinates">
>>> <arg-dn>
>>> <token-text
>>> xml:space="preserve">ou=IDMADDriverTest,dc=domain, dc=local</token-text>
>>> </arg-dn>
>>> <arg-match-attr name="CN"/>
>>> </do-find-matching-object>
>>> </actions>
>>> </rule>
>>>
>>> If I read this ccorrectly I am trying to match the eDirectory CN to the
>>> AD sAMAccountName, but I'm drawing a blank on the rule actually working
>>> when I try and run it.
>>>
>>>
>>>
>>> "Father Ramon" <devforums@novell.com> wrote in message
>>> news:Bgr1g.2796$sd1.674@prv-forum2.provo.novell.com...
>>>> Not obviously - you made no prior mention that you had tried anything.
>>>> What exactly did you try that didn't work?
>>>> --
>>>>
>>>> Father Ramon
>>>>
>>>>
>>>> Nelson wrote:
>>>>> Thank you Father.
>>>>>
>>>>> Obviously I had already tried to do that but had not been successful.
>>>>>
>>>>>
>>>>> "Father Ramon" <devforums@novell.com> wrote in message
>>>>> news:8Jq1g.2756$sd1.1305@prv-forum2.provo.novell.com...
>>>>>> Yes, Just change the matching policy.
>>>>>> --
>>>>>>
>>>>>> Father Ramon
>>>>>>
>>>>>>
>>>>>> Nelson wrote:
>>>>>>> Is it possible to get have the AD driver match on sAMAccountName?
>>>>>>>
>>>>>>> We have an AD and eDirectory with many, many multiples of names and
>>>>>>> the only unique value is the eDirectory CN and the AD
>>>>>>> sAMAccountName.
>>>>>>>
>>>>>>> The standard driver seems to use the Operationsl Attribute 'Full
>>>>>>> Name' but we can not rely on this value!
>>>>>>>
>>>>>>> All help gratefully received!
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Nelson
>>>

>
>