I have a eDir -> AD connector whose placement rule requires knowledge
of the position of the user's manager in AD. I'm attempting to obtain
the manager's DN via the destination attribute distinguishedname,
which is mapped through accesscardnumber, a spare attribute.

The relevant portion of the policy is below, with the trace error
following. The complete trace also shows that the variable ManagerAsn
remains empty. It appears that AD does not want to pass
distinguishedname back to eDir because it violates some LDAP
condition.

Any ideas as to how to get around this appreciated.

Thanks

Dean



<description>Find destination DN of Manager CI and Build User
DN</description>
<conditions>
<and>
<if-local-variable name="ManagerCI" op="available"/>
</and>
</conditions>
<actions>
<do-set-local-variable name="ManagerAsn">
<arg-string>
<token-dest-attr class-name="User" name="accessCardNumber">
<arg-dn>
<token-local-variable name="ManagerCI"/>
</arg-dn>
</token-dest-attr>
</arg-string>
</do-set-local-variable>
<do-trace-message>
<arg-string>
<token-text xml:space="preserve">Managerasn=</token-text>
<token-text xml:space="preserve"/>
<token-local-variable name="ManagerAsn"/>
</arg-string>





DirXML: [05/20/08 16:54:49.71]: Loader: Calling
subscriptionShim->execute()
DirXML: [05/20/08 16:54:49.71]: Loader: XML Document:
DirXML: [05/20/08 16:54:49.71]: <nds dtdversion="2.0"
ndsversion="8.x">
<source>
<product version="2.0.11.20051121 ">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="user" dest-dn="\DEPTMETAE-DEV\" event-id="0"
scope="entry">
<read-attr attr-name="distinguishedName"/>
</query>
</input>
</nds>






DirXML: [05/20/08 16:54:49.71]: ADDriver: parse command

className user
destDN \DEPTMETAE-DEV\Communities\Workforce\Active\DTF\PDT
eventId 0
association
DirXML: [05/20/08 16:54:49.71]: ADDriver: query constraints
DirXML: [05/20/08 16:54:49.71]: ADDriver: read-attr
distinguishedName
DirXML: [05/20/08 16:54:49.71]: ADDriver: query
root: \DEPTMETAE-DEV\Communities\Workforce\Active\DTF\PDT
filter: (objectClass=*)
return: objectClass objectGUID distinguishedName
DirXML: [05/20/08 16:54:49.72]: Loader: subscriptionShim->execute()
returned:
DirXML: [05/20/08 16:54:49.72]: Loader: XML Document:
DirXML: [05/20/08 16:54:49.72]: <nds ndsversion="8.7"
dtdversion="1.1">
<source>
<product version="3.0.1" asn1id="" build="20040720_1203"
instance="\DEPTMETAE-DEV\Admin\IDM\IDM Driver
Set\Meta-to-NOS-AD">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status level="error" type="driver-general" event-id="0">
<ldap-err ldap-rc="34" ldap-rc-name="LDAP_INVALID_DN_SYNTAX">
<client-err ldap-rc="34"
ldap-rc-name="LDAP_INVALID_DN_SYNTAX">Invalid DN Syntax</client-err>
<server-err>0000208F: LdapErr: DSID-0C090654, comment: Error
processing name, data 0, vece</server-err>
<server-err-ex win32-rc="8335"/>
</ldap-err>
</status>
</output>
</nds>
DirXML: [05/20/08 16:54:49.72]:
DirXML Log Event -------------------
Driver = \DEPTMETAE-DEV\Admin\IDM\IDM Driver Set\Meta-to-NOS-AD
Thread = Subscriber Channel
Level = error
Message = <ldap-err ldap-rc="34"
ldap-rc-name="LDAP_INVALID_DN_SYNTAX">
<client-err ldap-rc="34" ldap-rc-name="LDAP_INVALID_DN_SYNTAX">Invalid
DN Syntax</client-err>
<server-err>0000208F: LdapErr: DSID-0C090654, comment: Error
processing name, data 0, vece</server-err>
<server-err-ex win32-rc="8335"/>


--
ddnicholls
------------------------------------------------------------------------
ddnicholls's Profile: http://forums.novell.com/member.php?userid=4926
View this thread: http://forums.novell.com/showthread.php?t=329177