Hello everybody,

I tried this on a fresh unmodified AD driver Using IDM3.5 (except that I
removed the "veto move" rule on the publisher event transform). Using
mirrored sync.

In eDirectory I moved the partitioned OU sub1.site1.users.org to
sub1.site3.users.org

The resulting XDS doc looked like this (Forgive me for not posting the complete trace, it is rather lenghty). This is more or less what the doc looks like until it fails.

[01/21/08 21:26:16.430]:ADDOM1 ST:Start transaction.
[01/21/08 21:26:16.430]:ADDOM1 ST:Processing events for transaction.
[01/21/08 21:26:16.446]:ADDOM1 ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.5.0.20070315 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<rename class-name="Organizational Unit" event-id="2K303-NDS#20080121202616#1#1" old-src-dn="\ITQ03TREE\org\users\site1\sub1" qualified-old-src-dn="O=org\OU=users\OU=site1\OU=sub1" qualified-src-dn="O=org\OU=users\OU=site1\OU=sub1" remove-old-name="false" src-dn="\ITQ03TREE\org\users\site1\sub1" src-entry-id="32918" timestamp="1200944025#1">
<association state="associated">160ba27da213f6429a2e235984f4f0b a</association>
<new-name>sub1</new-name>
</rename>
</input>
</nds>

It seems that the rename event generated here, does not include the new placement of the OU (which would now fully read sub1.site3.users.org)

Later on, this fails horribly with this error (quite obvious)

<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20070122_093000" instance="\ITQ03TREE\org\services\Driver Set\ADDOM1" version="3.5.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="2K303-NDS#20080121202616#1#1" level="error" type="driver-general">
<message>Rename failed</message>
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00000057: LdapErr: DSID-0C0909A4, comment: Old RDN must be deleted, data 0, vece</server-err>
<server-err-ex win32-rc="87"/>
</ldap-err>
</status>
</output>
</nds>

It seems to work better when moving the OU from the AD side.

Are there some trick that will make this OU move work from the eDirectory
side. I guess that the driver need some modification, can anyone give me a
hint ?