[Fedora-directory-users] Windows Sync Error

Richard Megginson rmeggins at redhat.com
Tue Nov 28 17:46:52 UTC 2006 

Glenn wrote:
> Posting the log entries near the error, including what appears to be the 
> ldif.  Thanks.   -G.
>
> [28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote entry:
>  dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalperson
> objectClass: user
> userprincipalname: jdoe at ad.example.com
> samaccountname: jdoe
> mail: jdoe at example.com
> userparameters:
> description: Reference Librarian
> sn: Doe
> telephoneNumber: 817-555-1234
> codepage:: AAAAAA==
> cn: John Doe
> userworkstations:
> title: Electronic Reference Librarian
> homeDirectory:
> profilepath:
> givenName: John
> facsimileTelephoneNumber: 817-555-2345
> scriptpath: nt_script.bat
>
> [28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John Doe,ou=Domain 
> Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people, 
> o=ourorg.org
> [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
> (boccherini:636): Received result code 21 (00000057: LdapErr: DSID-0C090B38, 
> comment: Error in attribute conversion operation, data 0, vece) for add 
> operation 
> [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
> (boccherini:636): windows_replay_update: Cannot replay add operation.
>   
It's hard to tell without knowing which attribute is complaining about.  
But I would guess that, since this data has been migrated from NT4, some 
of the attributes have changed syntax, and MS AD does not like the old 
values, or perhaps doesn't like the empty values.
>
>
> ---------- Original Message -----------
> From: Richard Megginson <rmeggins at redhat.com>
> To: "General discussion list for the Fedora Directory server project." 
> <fedora-directory-users at redhat.com>
> Sent: Tue, 28 Nov 2006 10:09:32 -0700
> Subject: Re: [Fedora-directory-users] Windows Sync Error
>
>   
>> Glenn wrote:
>>     
>>> I'm still trying to get my evaluation copy of Red Hat Directory Server 
>>> 7.1SP3 to sync with Windows Active Directory.  The latest hitch is an 
>>>       
> error 
>   
>>> message following an initial re-synchronization attempt.  The Directory 
>>> Server has a few hundred users imported from a Windows NT domain.  The 
>>> Active Directory server has none of those users, so the initial re-sync 
>>> should add them to AD.  The error occurs when Windows Sync tries to add 
>>>       
> the 
>   
>>> first user entry to the Active Directory.  The message is:
>>>
>>> Attempting to add entry cn=John Doe,ou=Domain 
>>>       
> Users,dc=ad,dc=example,dc=com 
>   
>>> to AD for local entry uid=jdoe,ou=people,o=ourorg.com
>>>
>>> Followed by:
>>>
>>> (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-
>>>       
> 0C090B38, 
>   
>>> comment: Error in attribute conversion operation, data 0, vece) for add 
>>> operation
>>>   
>>>       
>> Error 21 is
>> #define LDAP_INVALID_SYNTAX             0x15    /* 21 */
>>
>> So AD thinks one of the attributes sent over has an invalid value 
>> that doesn't correspond to the syntax it is expecting, or something 
>> like that. It might be helpful if you post the LDIF of the entry it 
>> has problems with, being careful to obscure any private data.
>>     
>>> I would appreciate any insight.  Hoping to see if this actually works 
>>>       
> before 
>   
>>> the 30-day evaluation runs out.  Thanks.   -Glenn.
>>>
>>>       
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20061128/d453c84b/attachment.bin>

More information about the 389-users mailing list