Dear All,
I rename user in NW and want it to synch to LDAP.

The environment are
Source : NW 6.5 sp6, eDir 8.7.3.9, IDM 3.5
Destination : Linux Enterprise 4 openldap 2.2.13-3, Qmail


The problem is:
If I rename user on NW it have to rename user in LDAP
but now it's like cannot find the dn in LDAP because association in NW
changed.
So What should I do to make LDAP renamed when NW rename?


What I've put in Subscriber Command Transform Policy are
<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>Rename Login Name</description>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-operation op="equal">rename</if-operation>
</and>
</conditions>
<actions>
<do-rename-dest-object class-name="User">
<arg-string>
<token-text xml:space="preserve">mail=</token-text>
<token-src-name/>
<token-text
xml:space="preserve">@abc.com,ou=qmailuser,o=sbl,c =th</token-text>
</arg-string>
</do-rename-dest-object>
</actions>
</rule>
</policy>


The trace level 3 are:
15:20:35 9961C320 Drvrs: LDAP Driver ST:Start transaction.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Processing events for transaction.
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying event transformation
policies.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy:
sub-et-RenameLoginName.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Subscriber processing rename for
ABC-TREEABCHNpaulpa.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying command transformation
policies.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy: 'Transform NMAS
attribute to password elements'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Convert adds of the nspmDistributionPassword attribute to password
elements'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "add") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Block modifies for failed password publish operations if reset
password if false'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-global-variable
'reset-external-password-on-failure' equal "false") = FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Convert modifies of a nspmDistributionPassword attribute to a modify
password operation'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "modify") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Block empty modify operations'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "modify") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy:
sub-ctp-DefaultPassword.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'On User add, provide default password of Dirxml1 if none exists'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "add") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy: 'Subscribe to
password changes'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Block subscribing to passwords when objects are added'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-global-variable
'enable-password-subscribe' equal "false") = FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Block subscribing to password modifications'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-global-variable
'enable-password-subscribe' equal "false") = FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy: 'Payloads for
subscribe to password changes'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Add operation-data element to password subscribe operations'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "add") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal
"modify-password") = FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Add payload data to a reset password from a failed password publish
operation'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal
"modify-password") = FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Add payload data to password subscribe operations'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "add") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal
"modify-password") = FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy:
sub-ctp-RenameLoginName.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Rename Login Name'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-class-name equal "User") =
TRUE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "rename") =
TRUE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule selected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying rule 'Rename Login Name'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Action:
do-rename-dest-object(class-name="User","mail="+token-src-name()+"@abc.com,ou=qmailuser,o=sbl,c=th").
15:20:35 9961C320 Drvrs: LDAP Driver ST:
arg-string("mail="+token-src-name()+"@abc.com,ou=qmailuser,o=sbl,c=th")
15:20:35 9961C320 Drvrs: LDAP Driver ST: token-text("mail=")
15:20:35 9961C320 Drvrs: LDAP Driver ST: token-src-name()
15:20:35 9961C320 Drvrs: LDAP Driver ST: Token Value: "paulpa".
15:20:35 9961C320 Drvrs: LDAP Driver ST:
token-text("@abc.com,ou=qmailuser,o=sbl,c=th")
15:20:35 9961C320 Drvrs: LDAP Driver ST: Arg Value:
"mail=paulpa@abc.com,ou=qmailuser,o=sbl,c=th".
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="User"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
<rename class-name="User" event-id="MKIDM#20080125082034#14#1"
qualified-src-dn="O=ABCOU=HNCN=paulpa" src-dn="ABC-TREEABCHNpaulpa"
src-entry-id="35137">
<association>mail=peterpa@abc.com,ou=qmailuser,o=s bl,c=th</association>
<new-name>mail=paulpa@abc.com,ou=qmailuser,o=sbl,c=th</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Filtering out notification-only
attributes.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Fixing up association references.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying schema mapping policies
to output.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy: smp-SchemaMapping.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Mapping class-name 'User' to
'qmailUser'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Mapping class-name 'User' to
'qmailUser'.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying output transformation
policies.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Applying policy: 'Email
notifications for failed password publications'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #1.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Send e-mail for a failed publish password operation'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "status") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Applying to rename #2.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Evaluating selection criteria for
rule 'Send e-mail for a failed publish password operation'.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-global-variable
'notify-user-on-password-dist-failure' equal "true") = TRUE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: (if-operation equal "status") =
FALSE.
15:20:35 9961C320 Drvrs: LDAP Driver ST: Rule rejected.
15:20:35 9961C320 Drvrs: LDAP Driver ST:Policy returned:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="qmailUser"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
<rename class-name="qmailUser" event-id="MKIDM#20080125082034#14#1"
qualified-src-dn="O=ABCOU=HNCN=paulpa" src-dn="ABC-TREEABCHNpaulpa"
src-entry-id="35137">
<association>mail=peterpa@abc.com,ou=qmailuser,o=s bl,c=th</association>
<new-name>mail=paulpa@abc.com,ou=qmailuser,o=sbl,c=th</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Submitting document to subscriber
shim:
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="qmailUser"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
<rename class-name="qmailUser" event-id="MKIDM#20080125082034#14#1"
qualified-src-dn="O=ABCOU=HNCN=paulpa" src-dn="ABC-TREEABCHNpaulpa"
src-entry-id="35137">
<association>mail=peterpa@abc.com,ou=qmailuser,o=s bl,c=th</association>
<new-name>mail=paulpa@abc.com,ou=qmailuser,o=sbl,c=th</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Remote Interface Driver: Sending...
15:20:35 9961C320 Drvrs: LDAP Driver ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.10.20070918 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename cached-time="20080125082034.859Z" class-name="qmailUser"
event-id="MKIDM#20080125082034#14#1" old-src-dn="ABC-TREEABCHNpeterpa"
qualified-old-src-dn="O=ABCOU=HNCN=peterpa"
qualified-src-dn="O=ABCOU=HNCN=paulpa" remove-old-name="true"
src-dn="ABC-TREEABCHNpaulpa" src-entry-id="35137" timestamp="1201249193#1">
<association
state="associated">mail=peterpa@abc.com,ou=qmailus er,o=sbl,c=th</association>
<new-name>paulpa</new-name>
</rename>
<rename class-name="qmailUser"
event-id="MKIDM#20080125082034#14#1_opData1"
qualified-src-dn="O=ABCOU=HNCN=paulpa" src-dn="ABC-TREEABCHNpaulpa"
src-entry-id="35137">
<association>mail=peterpa@abc.com,ou=qmailuser,o=s bl,c=th</association>
<new-name>mail=paulpa@abc.com,ou=qmailuser,o=sbl,c=th</new-name>
</rename>
</input>
</nds>
15:20:35 9961C320 Drvrs: LDAP Driver ST:Remote Interface Driver: Document
sent.
15:20:35 9961E3E0 Drvrs: LDAP Driver :Remote Interface Driver: Received.
15:20:35 9961E3E0 Drvrs: LDAP Driver :
<nds dtdversion="2.0" ndsversion="8.x">
<source>
<product build="20070918_0739 " instance="LDAP Driver"
version="3.5.2">Identity Manager Driver for LDAP</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<modify-association event-id="MKIDM#20080125082034#14#1">
<association>mail=peterpa@abc.com,ou=qmailuser,o=s bl,c=th</association>
<association>mail=paulpa,ou=qmailuser,o=sbl,c=th </association>
</modify-association>
<status event-id="MKIDM#20080125082034#14#1" level="success"/>
<status event-id="MKIDM#20080125082034#14#1_opData1"
level="error">LDAPException: Invalid DN Syntax (34) Invalid DN Syntax
LDAPException: Server Message: invalid new RDN
LDAPException: Matched DN: </status>
</output>
</nds>

Thanks,
Nat