Hello,

In my AD driver I need to add a rule to associate existing AD users to
existing Identity Vault users which are not associated.
When I start my driver I get an "LDAP_NAMING_VIOLATION" error.
My rule is:

<rule>
  <description>Link Identity Vault - AD</description>
  <conditions>
    <and>
      <if-operation op="equal">modify</if-operation>
      <if-class-name op="equal">User</if-class-name>
      <if-dest-dn op="in-subtree">ou=Zones_Géographiques,ou=Poles,dc=alpha ,dc=fr</if-dest-dn>
      <if-association op="not-associated"/>
    </and>
  </conditions>
  <actions>
    <do-add-association when="after">
      <arg-association>
        <token-attr name="uniqueID"/>
      </arg-association>
    </do-add-association>
  </actions>
</rule>


I give you the logs below.
Do you have an idea of how to link AD users to Identity Vault users
that already exist on each side?
Thank you for your help,

Christine



[04/20/08 21:43:45.484]:c:\alpha\logs\tracesAD.log
ST:SubscriptionShim.execute() returned:
[04/20/08 21:43:45.484]:c:\alpha\logs\tracesAD.log ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20070823_095000"
instance="\alpha_TREE\alpha\system\Ensemble Pilote Dev\Active Directory
Dev" version="3.5.1">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="APOLLO-NDS#20080420194344#1#1" level="error"
type="driver-general">
<ldap-err ldap-rc="64" ldap-rc-name="LDAP_NAMING_VIOLATION">
<client-err ldap-rc="64"
ldap-rc-name="LDAP_NAMING_VIOLATION">Définition de la
violation</client-err>
<server-err>0000206D: UpdErr: DSID-030500F9, problem 6001
(NAME_VIOLATION), data 0
</server-err>
<server-err-ex win32-rc="8301"/>
</ldap-err>
</status>
</output>
</nds>


--
coves