LDAP error: Invalid DN Syntax syncing user from eDirectory to AD
(Last modified: 31May2006)
This document (10100761) is provided subject to the disclaimer at the end of this document.
fact
DirXML Driver for Active Directory
Novell Identity Manager 3.0
AD Driver 3.1
symptom
LDAP error: Invalid DN Syntax syncing user from eDirectory to AD
LDAP_INVALID_DN_SYNTAX
<ldap-err ldap-rc="34" ldap-rc-name="LDAP_INVALID_DN_SYNTAX">
BAD_ATT_SYNTAX
DN syntax was correct and matched what was in AD.
Full Error:
<client-err ldap-rc="34" ldap-rc-name="LDAP_INVALID_DN_SYNTAX">Invalid DN Syntax</client-err>
<server-err>00002081: NameErr: DSID-03050ADF, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:
'CN=User Name,OU=ContainerName,OU=ContainerName,DC=DomainName,DC=COM'
cause
The Filter had been adjusted to have CN set to sync.
fix
Change the CN attribute for User and for Group needs to be set at Ignore for both Subscriber and Publisher. Additionally, the Organizational Unit Class needs to have its OU attribute set to Ignore on both channels.
note
In Active Directory the DN and CN are tied together. In the default AD driver on the subscriber channel in the placement rule, IDM builds the Source DN. By default we grab the unmatched source DN and concatenate it to the AD container specified during driver install. Then, if the Full Name attribute is available it will use the Full Name to concatenate to the pre-specified AD container. When the DN then synchronizes into AD the DN and the CN are updated. There is no need to synchronize the CN from eDirectory therefore it is set to Ignore in the filters.
document
| Document Title: | LDAP error: Invalid DN Syntax syncing user from eDirectory to AD |
| Document ID: | 10100761 |
| Solution ID: | NOVL105486 |
| Creation Date: | 22Mar2006 |
| Modified Date: | 31May2006 |
| Novell Product Class: | DirXML |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.