[389-users] OU attribute in AD replication agreement

Juan Asensio Sánchez okelet at gmail.com
Thu Dec 1 15:14:53 UTC 2011


Hi

I continue trying to replicate the users from the 389 directory to an
AD server. After removing language subtype attributes, I now get this
error when a user contains an "ou" attribute:

[01/Dec/2011:13:50:04 +0100] NSMMReplicationPlugin - agmt="cn=ll"
(XXXX:636): windows_process_total_entry: Looking
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=XXXX" (ours)
[01/Dec/2011:13:50:04 +0100] NSMMReplicationPlugin - agmt="cn=ll"
(XXXX:636): map_entry_dn_outbound: looking for AD entry for DS
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=XXXX"
guid="a76de75aca5cc74ca5425d4d7435797a"
[01/Dec/2011:13:50:04 +0100] NSMMReplicationPlugin - agmt="cn=ll"
(XXXX:636): map_entry_dn_outbound: looking for AD entry for DS
dn="uid=XXXX,ou=People,o=XXXX,dc=XXXX,dc=XXXX" username="XXXX"
[01/Dec/2011:13:50:04 +0100] - Calling windows entry search request plugin
[01/Dec/2011:13:50:04 +0100] - windows_search_entry: recieved 1
messages, 0 entries, 0 references
[01/Dec/2011:13:50:04 +0100] NSMMReplicationPlugin - agmt="cn=ll"
(XXXX:636): map_entry_dn_outbound: entry not found - rc 0
[01/Dec/2011:13:50:04 +0100] - Windows sync entry: Created new remote entry:
 dn:: XXXX
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: user
userprincipalname: XXXX at pruebas.local
st: XXXX
postalCode: XXXX
postalAddress:: XXXX
streetAddress:: XXXX
facsimileTelephoneNumber: XXXX
telephoneNumber: XXXX
mail: XXXX
o: XXXX
l: XXXX
ou: XXXX
givenName: XXXX
sn:: XXXX
cn:: XXXX
sAMAccountName: XXXX
accountExpires: 0
codePage: 0

[01/Dec/2011:13:50:04 +0100] - Attempting to add entry
cn=XXXX,ou=LDAPPeople,dc=pruebas,dc=local to AD for local entry
uid=XXXX,ou=XXXX,o=XXXX,dc=XXXX,dc=XXXX
[01/Dec/2011:13:50:04 +0100] NSMMReplicationPlugin - agmt="cn=ll"
(XXXX:636): Received error [00002082: AtrErr: DSID-03151145, #1: 	0:
00002082: DSID-03151145, problem 1005 (CONSTRAINT_ATT_TYPE), data 0,
Att b (ou):len 262 ] when attempting to add entry
[cn=XXXX,ou=LDAPPeople,dc=pruebas,dc=local]: Please correct the
attribute specified in the error message.  Refer to the Windows Active
Directory docs for more information.

After googling and testing, I realized that the attribute "ou" in AD is
limited to 64 chars, while the values of that attribute in our
directory are larger. Perhaps this could be avoided by excluding the
attribute from the agreement, but nowadays that is not possible. So
the only solution I have is to modify the schema of AD so that
attribute could hold larger values, but I have not found any solution
for this. Does anyone know how to do this?

Thanks in advance.
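
A pre-sync check for the length constraint described in the message above, as an added example that is not part of the original post or of 389 Directory Server: it scans an LDIF export for "ou" values longer than the 64-character limit the post reports, so the affected entries are known before AD rejects them with CONSTRAINT_ATT_TYPE. The function names, the sample LDIF and the choice to count characters rather than bytes are assumptions.

```python
import base64

# Maximum value length per attribute. 64 for "ou" is the AD limit reported in
# the post; measuring in characters (not bytes) is an assumption of this example.
AD_MAX_LEN = {"ou": 64}

def parse_ldif(text):
    """Yield {attr: [values]} per entry; unfolds lines, decodes base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                 # trailing "" flushes last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):             # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())

def oversized_values(ldif_text, limits=AD_MAX_LEN):
    """Return [(dn, attr, length)] for every value longer than its limit."""
    findings = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for attr, limit in limits.items():
            findings += [(dn, attr, len(v)) for v in entry.get(attr, []) if len(v) > limit]
    return findings

# Constructed sample export (hypothetical entries, not data from the post).
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com", "ou: Sales", "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "ou: " + "D" * 60, " " + "E" * 10, "",    # folded value: 70 characters
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "ou:: " + base64.b64encode(("ñ" * 65).encode("utf-8")).decode("ascii"),
])

if __name__ == "__main__":
    print(oversized_values(SAMPLE_LDIF))
```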


