2014-07-28#

DirXML Error in Microsoft Active Directory Driver#

Mapping:

  • L-l
  • S-st

Note that st on Microsoft Active Directory is defined as:

( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

and Edirectory:

( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'S' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )

And l on Microsoft Active Directory is defined as:

( 2.5.4.7 NAME 'l' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

and Edirectory:

( 2.5.4.7 NAME ( 'l' 'localityname' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'L' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )

So the issue is these are Single-Valued on Microsoft Active Directory and not on EDirectory.

As the Filter is as merge default, then there is an attempt to merge the values on AD, which results in an error.

AFIK, if the filter were set to IDV, then the problem would be solved. (I did it, just did not save it.)

Or we could use the Rule Handle Multi-to-single valued conversions

Input document:

    <modify cached-time="20140728110308.012Z" class-name="user" event-id="idv01#20140728110308#4#1:ff02b957-77d2-45a6-fe86-57b902ffd277" qualified-src-dn="dc=net\dc=willekedir\OU=people\OU=Int\uniqueID=tungals1" src-dn="\NWPROD\net\willekedir\people\Int\tungals1" src-entry-id="162887" timestamp="1406545375#9">
      <association state="associated">79fd787a59f8554a843804aa376de0c5</association>
      <modify-attr attr-name="st">
        <add-value>
          <value timestamp="1406545375#8" type="string">OH</value>
        </add-value>
      </modify-attr>
      <modify-attr attr-name="l">
        <add-value>
          <value timestamp="1406545375#9" type="string">DUBLIN</value>
        </add-value>
      </modify-attr>
    </modify>

Produced this DirXML Error with the LDAP Error

  <output>
    <status event-id="idv01#20140728110308#4#1:ff02b957-77d2-45a6-fe86-57b902ffd277" level="error" type="driver-general">
      <ldap-err ldap-rc="20" ldap-rc-name="LDAP_ATTRIBUTE_OR_VALUE_EXISTS">
        <client-err ldap-rc="20" ldap-rc-name="LDAP_ATTRIBUTE_OR_VALUE_EXISTS">Attribute Or Value Exists</client-err>
        <server-err>00002081: AtrErr: DSID-030F154F, #1:
        0: 00002081: DSID-030F154F, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 8 (st)</server-err>
        <server-err-ex win32-rc="8321"/>
      </ldap-err>
    </status>
  </output>

The LDAP_ATTRIBUTE_OR_VALUE_EXISTS implies there is already a value for the Att 8 (st).

More Information#

There might be more information for this subject on one of the following: ...nobody

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 20-Aug-2014 18:34 by jim