AD driver, IDM 3.6. I mapped AD's Group Type to eDirs Group Type
(groupType in both cases I think).

I experimented and found that the values are the following:

Domain Local
Security -2147483644
Distribution List 4

Global
Security -2147483646
Distribution List 2

Universal
Security -2147483640
Distribution List 8


Ok, cool that was easy. (I am placing Security groups in one container
in eDir and Distro lists in another, so they can be synced differently
to GW).

Now for fun, I change the value in eDir to see what happens in AD.

I started with a Global Distro Group, type 2 (Global Distro) to type 4
(Domain Local, Distro).

Ok, that failed as below:


<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20080229_143300"
instance="\WATTS-LAB-IDV\Watts\Drivers\IDM\AMERICAS-AD"
version="3.5.3">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="Xidv1#20090424184121#1#1" level="error"
type="driver-general">
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To Perform</client-err>
<server-err>00000032: SvcErr: DSID-031A11E5, problem 5003
(WILL_NOT_PERFORM), data 0
</server-err>
<server-err-ex win32-rc="50"/>
</ldap-err>
</status>
</output>
</nds>

I changed it from 4 to 8, that worked! changed in AD to Univ Distro.

Then I changed back to 2, Global Distro same error, Unwilling to perform.

Anyone understand what is allowed, and what is not?