I wasn't thinking when I said the directory server data was
imported from
NT. It actually came from a Netscape Directory server. Just as a test, I
exported a few users to an ldif file and tried to use the ldifde on the W2003
domain controller to import them. It seems to find a syntax error on every
line in the file, making it impossible to narrow it down.
I can't possibly be the only person who has run into this
problem. Hoping
someone can shed some light. Thanks. -Glenn.
---------- Original Message -----------
From: Richard Megginson <rmeggins(a)redhat.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Sent: Tue, 28 Nov 2006 10:46:52 -0700
Subject: Re: [Fedora-directory-users] Windows Sync Error
> Glenn wrote:
>
>> Posting the log entries near the error, including what appears to be the
>> ldif. Thanks. -G.
>>
>> [28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote
>>
entry:
>> dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalperson
>> objectClass: user
>> userprincipalname: jdoe(a)ad.example.com
>> samaccountname: jdoe
>> mail: jdoe(a)example.com
>> userparameters:
>> description: Reference Librarian
>> sn: Doe
>> telephoneNumber: 817-555-1234
>> codepage:: AAAAAA==
>> cn: John Doe
>> userworkstations:
>> title: Electronic Reference Librarian
>> homeDirectory:
>> profilepath:
>> givenName: John
>> facsimileTelephoneNumber: 817-555-2345
>> scriptpath: nt_script.bat
>>
>> [28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John
>>
Doe,ou=Domain
>> Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people,
>>
o=ourorg.org
>> [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin -
agmt="cn=ldap-ad-5"
>> (boccherini:636): Received result code 21 (00000057: LdapErr: DSID-
>>
0C090B38,
>> comment: Error in attribute conversion operation, data 0, vece) for add
>> operation
>> [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin -
agmt="cn=ldap-ad-5"
>> (boccherini:636): windows_replay_update: Cannot replay add operation.
>>
>>
> It's hard to tell without knowing which attribute is complaining
> about. But I would guess that, since this data has been migrated
> from NT4, some of the attributes have changed syntax, and MS AD does
> not like the old values, or perhaps doesn't like the empty values.
>
>> ---------- Original Message -----------
>> From: Richard Megginson <rmeggins(a)redhat.com>
>> To: "General discussion list for the Fedora Directory server project."
>> <fedora-directory-users(a)redhat.com>
>> Sent: Tue, 28 Nov 2006 10:09:32 -0700
>> Subject: Re: [Fedora-directory-users] Windows Sync Error
>>
>>
>>
>>> Glenn wrote:
>>>
>>>
>>>> I'm still trying to get my evaluation copy of Red Hat Directory
Server
>>>> 7.1SP3 to sync with Windows Active Directory. The latest hitch is an
>>>>
>>>>
>> error
>>
>>
>>>> message following an initial re-synchronization attempt. The Directory
>>>> Server has a few hundred users imported from a Windows NT domain. The
>>>> Active Directory server has none of those users, so the initial re-sync
>>>> should add them to AD. The error occurs when Windows Sync tries to add
>>>>
>>>>
>> the
>>
>>
>>>> first user entry to the Active Directory. The message is:
>>>>
>>>> Attempting to add entry cn=John Doe,ou=Domain
>>>>
>>>>
>> Users,dc=ad,dc=example,dc=com
>>
>>
>>>> to AD for local entry
uid=jdoe,ou=people,o=ourorg.com
>>>>
>>>> Followed by:
>>>>
>>>> (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-
>>>>
>>>>
>> 0C090B38,
>>
>>
>>>> comment: Error in attribute conversion operation, data 0, vece) for add
>>>> operation
>>>>
>>>>
>>>>
>>> Error 21 is
>>> #define LDAP_INVALID_SYNTAX 0x15 /* 21 */
>>>
>>> So AD thinks one of the attributes sent over has an invalid value
>>> that doesn't correspond to the syntax it is expecting, or something
>>> like that. It might be helpful if you post the LDIF of the entry it
>>> has problems with, being careful to obscure any private data.
>>>
>>>
>>>> I would appreciate any insight. Hoping to see if this actually works
>>>>
>>>>
>> before
>>
>>
>>>> the 30-day evaluation runs out. Thanks. -Glenn.
>>>>
>>>>
>>>>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users