Glenn wrote:
Posting the log entries near the error, including what appears to be
the
ldif. Thanks. -G.
[28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote entry:
dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: user
userprincipalname: jdoe(a)ad.example.com
samaccountname: jdoe
mail: jdoe(a)example.com
userparameters:
description: Reference Librarian
sn: Doe
telephoneNumber: 817-555-1234
codepage:: AAAAAA==
cn: John Doe
userworkstations:
title: Electronic Reference Librarian
homeDirectory:
profilepath:
givenName: John
facsimileTelephoneNumber: 817-555-2345
scriptpath: nt_script.bat
[28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John Doe,ou=Domain
Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people,
o=ourorg.org
[28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5"
(boccherini:636): Received result code 21 (00000057: LdapErr: DSID-0C090B38,
comment: Error in attribute conversion operation, data 0, vece) for add
operation
[28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5"
(boccherini:636): windows_replay_update: Cannot replay add operation.
It's hard to tell without knowing which attribute is complaining about.
But I would guess that, since this data has been migrated from NT4, some
of the attributes have changed syntax, and MS AD does not like the old
values, or perhaps doesn't like the empty values.
---------- Original Message -----------
From: Richard Megginson <rmeggins(a)redhat.com>
To: "General discussion list for the Fedora Directory server project."
<fedora-directory-users(a)redhat.com>
Sent: Tue, 28 Nov 2006 10:09:32 -0700
Subject: Re: [Fedora-directory-users] Windows Sync Error
> Glenn wrote:
>
>> I'm still trying to get my evaluation copy of Red Hat Directory Server
>> 7.1SP3 to sync with Windows Active Directory. The latest hitch is an
>>
error
>> message following an initial re-synchronization attempt. The Directory
>> Server has a few hundred users imported from a Windows NT domain. The
>> Active Directory server has none of those users, so the initial re-sync
>> should add them to AD. The error occurs when Windows Sync tries to add
>>
the
>> first user entry to the Active Directory. The message is:
>>
>> Attempting to add entry cn=John Doe,ou=Domain
>>
Users,dc=ad,dc=example,dc=com
>> to AD for local entry
uid=jdoe,ou=people,o=ourorg.com
>>
>> Followed by:
>>
>> (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-
>>
0C090B38,
>> comment: Error in attribute conversion operation, data 0, vece) for add
>> operation
>>
>>
> Error 21 is
> #define LDAP_INVALID_SYNTAX 0x15 /* 21 */
>
> So AD thinks one of the attributes sent over has an invalid value
> that doesn't correspond to the syntax it is expecting, or something
> like that. It might be helpful if you post the LDIF of the entry it
> has problems with, being careful to obscure any private data.
>
>> I would appreciate any insight. Hoping to see if this actually works
>>
before
>> the 30-day evaluation runs out. Thanks. -Glenn.
>>
>>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users