I just upgraded an IdM environment and AD driver from IdM 3.5.1 running
on NetWare to IdM 3.6.1 running on Linux. Everything seemed fine until
I noticed these errors:

<status event-id="mt04#20090729141252#3#1" level="error"
<ldap-err ldap-rc="53" ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">
<client-err ldap-rc="53"
ldap-rc-name="LDAP_UNWILLING_TO_PERFORM">Unwilling To
<server-err>00000057: LdapErr: DSID-0C090A47, comment: Error in
attribute conversion operation, data 0, vece</server-err>
<server-err-ex win32-rc="87"/>

Apparently, it looks like the dirxml-UACAccountDisable is not being
converted to the proper format for AD. In the remote loader trace, I
see the value TRUE trying to be applied. I looked at the schema map,
and it looks right:

<nds-name>Login Disabled</nds-name>

on the remote loader trace, I see this:

<modify-attr attr-name="dirxml-uACAccountDisable">

I don't think that is right, is it? Then I see it try and modify the
attribute in AD, which fails of course:

association 001e6b8e706f6140ba3731dae9a7da29
DirXML: [07/29/09 09:03:49.23]: ADDriver: parse modify class = user
DirXML: [07/29/09 09:03:49.23]: ADDriver: association
DirXML: [07/29/09 09:03:49.23]: ADDriver:
DirXML: [07/29/09 09:03:49.23]: ADDriver: modify-attr
DirXML: [07/29/09 09:03:49.23]: ADDriver: remove-all-values
DirXML: [07/29/09 09:03:49.23]: ADDriver: add-value
DirXML: [07/29/09 09:03:49.23]: ADDriver: value
DirXML: [07/29/09 09:03:49.23]: ADDriver: TRUE
DirXML: [07/29/09 09:03:49.23]: ADDriver: ldap_modify user
LDAPMod operations:
replace attribute userAccountControl

Any ideas what is happening here? Why is the driver not converting
this any longer?



matt's Profile: http://forums.novell.com/member.php?userid=1582
View this thread: http://forums.novell.com/showthread.php?t=381531