Some users are not synchronizing from eDirectory to Active Directory

(Last modified: 06Jul2005)

This document (10097756) is provided subject to the disclaimer at the end of this document.

fact

Novell Identity Manager 2.0.1/2.0.2(OES)

Active Directory Driver

symptom

Some users are not synchronizing from eDirectory to Active Directory

Error: "<ldap-err ldap-rc="19" ldap-rc-name="LDAP_CONSTRAINT_VIOLATION">"

Error: "<client-err ldap-rc="19" ldap-rc-name="LDAP_CONSTRAINT_VIOLATION">Constraint Violation</client-err>"

cause

Associated with the above errors was the following line:

0: 00002081: DSID-03151077, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 13 (physicalDeliveryOfficeName)
The above line indicates that the physicalDeliveryOfficeName attribute has a constraint violation.

The schema mapping rule on the driver shows that the physicalDeliveryOfficeName, in AD, is mapped to the L attribute in eDirectory.
Looking in dsbrowse or iMonitor, we see that this attribute is multi-valued.

Microsoft's schema rules for this attribute show it as being single valued.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_physicaldeliveryofficename.asp

further up in the trace we found the following  information regarding the values for this attribute:


<add-attr attr-name="physicalDeliveryOfficeName">
        <value timestamp="1115749778#15" type="string"> 1635 West Michigan Street</value>
        <value timestamp="1115749778#16" type="string">Indy Goodwill</value>
      </add-attr>


fix

Working as designed. This is a design issue and it is up to the customer to decide how they desire their data to flow.
 
Based on the schema rules and their differences, it is impossible to send two values to AD when AD specifies this attribute to be single valued.

Customization would be required, to possibly take both values and make them into one. So it would read, "1635 West Michigan Street, Indy Goodwill"

Another alternative is to determine if this attribute is absolutely required and if it needs multiple values in eDirectory.

A Novell Cool Solution has been created which can help with this problem.  It tells how to convert a Multi-valued Attribute to a Single-valued, Comma-delimited String.  It can be found at http://www.novell.com/coolsolutions/tip/15107.html

 

document

Document Title: Some users are not synchronizing from eDirectory to Active Directory
Document ID: 10097756
Solution ID: NOVL102137
Creation Date: 21May2005
Modified Date: 06Jul2005
Novell Product Class:DirXML

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.