OK, I'm usually proven wrong, but I'm going to go out on a limb and say there is a big problem here. I recently upgraded to 3.6 and since that point my x509 certificates no longer will sync from my eDir to the Sun LDAP. No other driver changes took place.

In the schema mapping, eDir:userCertificate is mapped to LDAP:userCertificate;binary
The handle binary option is turned on in the driver config
To reproduce the error, I am importing my certificate via a LDAP browser into the eDir
I would expect it to sync to the Sun LDAP however the following is returned in the trace:

----------------------------------------------------------------------------
18:00:00 9AE3DBA0 Drvrs: OAC7 ST:Submitting document to subscriber shim:
18:00:06 9AE3DBA0 Drvrs: OAC7 ST:
<nds dtdversion="3.5" ndsversion="8.x">
<source>
<product version="3.6.0.4294">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify cached-time="20081117233109.546Z" class-name="inetOrgPerson" event-id="UTHVAULT1#20081117233109#1#1" qualified-src-dn="dc=edu\dc=tmc\dc=uth\OU=PEOPLE\uniqueID=wschne ider" src-dn="\UTHSCH\edu\tmc\uth\PEOPLE\wschneider" src-entry-id="33342" timestamp="1226964669#1">
<association state="associated">uid=wschneider,ou=People,dc=uth ,dc=tmc,dc=edu</association>
<modify-attr attr-name="userCertificate;binary">
<add-value>
18:00:00 9AE3DBA0 Drvrs: <value timestamp="1226964669#1" type="octet">MIIEzTCCBDagAwIBAgIQZj08P+hkpvwUB4pSn AbgRTANBgkqhkiG9w0BAQUFADCCAQExJzAlBgNVBAoTHlRoZSB Vbml2ZXJzaXR5IG9mIFRleGFzIFN5c3RlbTEfMB0GA1UECxMWV mVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXM gb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yc GEgKGMpOTkxMjAwBgNVBAsTKUNsYXNzIDIgQ0EgLSBPblNpdGU gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMUQwQgYDVQQDEztUaGUgV W5pdmVyc2l0eSBvZiBUZXhhcyBIZWFsdGggU2NpZW5jZSBDZW5 0ZXIgYXQgSG91c3RvbiBDQTAeFw0wODAyMjUwMDAwMDBaFw0wO TAzMjYyMzU5NTlaMIHtMScwJQYDVQQKFB5UaGUgVW5pdmVyc2l 0eSBvZiBUZXhhcyBTeXN0ZW0xLDAqBgNVBAsUI0hlYWx0aCBTY 2llbmNlIENlbnRlciBhdCBIb3VzdG9uIENBMUYwRAYDVQQLEz1 3d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTIEluY29yc C4gYnkgUmVmLixMSUFCLkxURChjKTk2MRwwGgYDVQQDExNXaWx saWFtIEMgU2NobmVpZGVyMS4wLAYJKoZIhvcNAQkBFh93aWxsa WFtLmMuc2NobmVpZGVyQHV0aC50bWMuZWR1MIGfMA0GCSqGSIb 3DQEBAQUAA4GNADCBiQKBgQDTZPTgfa+Day5LYnIJw1q5nxo8N +RGwsV6/J0ZfURT4fQKLxFT8QH1xFxgR+uzKOGcmrqIxoROQSY0Go/a4jTVzqvky5WFoVVlnNOFdf1xWzvNJgA3EcOVOfgv2wpExu5Ge 9OTi45m91BrLOaHpOrpjRt4NF9lnPTvt3WJnm7tVQIDAQABo4I BVTCCAVEwCQYDVR0TBAIwADCBrAYDVR0gBIGkMIGhMIGeBgtgh kgBhvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3c udmVyaXNpZ24uY29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlc mlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWduJ3MgQ1BTIGluY29 ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVya VNpZ24wCwYDVR0PBAQDAgWgMBEGCWCGSAGG+EIBAQQEAwIHgDB 1BgNVHR8EbjBsMGqgaKBmhmRodHRwOi8vb25zaXRlY3JsLnZlc mlzaWduLmNvbS9UaGVVbml2ZXJzaXR5b2ZUZXhhc1N5c3RlbUh lYWx0aFNjaWVuY2VDZW50ZXJhdEhvdXN0b25DQS9MYXRlc3RDU kwuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAGroV2jIvrnuQZiYlaD nl+azUyxqGt8zECDgOvguMJK1nv2OBTLDdST4oShL3t2Zl8j19 +QpUmfBAcl0nUhDwvgHoUB8+vemHTe1spZ+GttDwOSQgt9BorR 4mDpVooky5ZBxByBbUiYSJnlxk+G/dUdFCb/K5Tx3KhVJEYg2y8hI</value>
</add-value>
23:09:44 9AE3DBA0 Drvrs: </modify-attr>
<operation-data opAssoc="uid=wschneider,ou=People,dc=uth,dc=tmc,dc =edu" propNames="wschneider | Y1Y1Y1Y"/>
</modify>
</input>
</nds>
18:00:00 9AE3DBA0 Drvrs: OAC7 ST:Stripping operation data from input document
03:07:16 9AE3DBA0 Drvrs: OAC7 ST:OAC7 DC Model: LDAPSubscriber.performModifyOperation() Modifications to the following attributes were detected:
18:00:00 9AE3DBA0 Drvrs: OAC7 ST:OAC7 DC Model: usercertificate;binary
21:23:57 9AE3DBA0 Drvrs: OAC7 ST:OAC7 DC Model: LDAPSubscriber.performModifyOperation() Performing an LDAP search of the target so the modification can be optimized.
18:04:08 9AE3DBA0 Drvrs: OAC7 ST:OAC7 DC Model: LDAP Search
base=uid=wschneider,ou=People,dc=uth,dc=tmc,dc=edu
scope=0
filter=objectclass=*
attrs=[usercertificate;binary]
attrsOnly=false
18:00:00 9AE3DBA0 Drvrs: OAC7 ST:OAC7 DC Model: LDAPSubscriber.performModifyOperation() Processing an add-value element
11:08:00 9AE3DBA0 Drvrs: OAC7 ST:Processing returned document.
20:12:15 9AE3DBA0 Drvrs: OAC7 ST:Processing operation <status> for .
22:26:42 9AE3DBA0 Drvrs: OAC7 ST:
DirXML Log Event -------------------
Driver: \UTHSCH\edu\tmc\uth\SERVERS\DirXML\DriverSet1\OAC7 DC Model
Channel: Subscriber
Object: \UTHSCH\edu\tmc\uth\PEOPLE\wschneider
Status: Error
Message: Code(-9010) An exception occurred: java.lang.IllegalArgumentException: Attribute value cannot be null
at com.novell.ldap.LDAPAttribute.addBase64Value(Unkno wn Source)
at com.novell.nds.dirxml.driver.ldap.LDAPSubscriber.p erformModifyOperation(LDAPSubscriber.java:460)
at com.novell.nds.dirxml.driver.ldap.LDAPSubscription Shim.execute(LDAPSubscriptionShim.java:157)
at com.novell.nds.dirxml.engine.Subscriber.execute(Su bscriber.java:447)
at com.novell.nds.dirxml.engine.Subscriber.execute(Su bscriber.java:282)
at com.novell.nds.dirxml.engine.Subscriber$ModifyProc essor.process(Subscriber.java:1430)
at com.novell.nds.dirxml.engine.Subscriber.processEve nt(Subscriber.java:1054)
at com.novell.nds.dirxml.engine.Subscriber.processEve nts(Subscriber.java:898)
at com.novell.nds.dirxml.engine.Driver.submitTransact ion(Driver.java:624)
at com.novell.nds.dirxml.engine.DriverEntry.submitTra nsaction(DriverEntry.java:1050)
at com.novell.nds.dirxml.engine.DriverEntry.processCa chedTransaction(DriverEntry.java:934)
at com.novell.nds.dirxml.engine.DriverEntry.eventLoop (DriverEntry.java:756)
at com.novell.nds.dirxml.engine.DriverEntry.run(Drive rEntry.java:561)
at java.lang.Thread.run(Unknown Source)

18:00:01 9AE3DBA0 Drvrs: OAC7 ST:End transaction.
----------------------------------------------------------------------------

I switched the driver to run in clear text and took a packet trace and I see the query that is performed as a part of the optimize taking place, but no attempt is ever made to write the userCertificate value. This error is also not returned in the trace. This would seem to indicate that the error is from the shim and not the Sun LDAP.

I have tried every possible combination trying to rule out the binary choices in terms off turning off the binary option and removing the mapping value however all return the same result.

Am I crazy? This is:
IDM 3.6 FCS
SLES 10 SP2
LDAP Driver 3.5.5

Thanks in advance!