[Fedora-directory-users] Windows Sync Error

Glenn glenn at mail.txwes.edu
Tue Nov 28 23:07:57 UTC 2006 

I wasn't thinking when I said the directory server data was imported from 
NT.  It actually came from a Netscape Directory server.  Just as a test, I 
exported a few users to an ldif file and tried to use the ldifde on the W2003 
domain controller to import them.  It seems to find a syntax error on every 
line in the file, making it impossible to narrow it down.

I can't possibly be the only person who has run into this problem.  Hoping 
someone can shed some light.  Thanks.   -Glenn.


---------- Original Message -----------
From: Richard Megginson <rmeggins at redhat.com>
To: "General discussion list for the Fedora Directory server project." 
<fedora-directory-users at redhat.com>
Sent: Tue, 28 Nov 2006 10:46:52 -0700
Subject: Re: [Fedora-directory-users] Windows Sync Error

> Glenn wrote:
> > Posting the log entries near the error, including what appears to be the 
> > ldif.  Thanks.   -G.
> >
> > [28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote 
entry:
> >  dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalperson
> > objectClass: user
> > userprincipalname: jdoe at ad.example.com
> > samaccountname: jdoe
> > mail: jdoe at example.com
> > userparameters:
> > description: Reference Librarian
> > sn: Doe
> > telephoneNumber: 817-555-1234
> > codepage:: AAAAAA==
> > cn: John Doe
> > userworkstations:
> > title: Electronic Reference Librarian
> > homeDirectory:
> > profilepath:
> > givenName: John
> > facsimileTelephoneNumber: 817-555-2345
> > scriptpath: nt_script.bat
> >
> > [28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John 
Doe,ou=Domain 
> > Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people, 
> > o=ourorg.org
> > [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
> > (boccherini:636): Received result code 21 (00000057: LdapErr: DSID-
0C090B38, 
> > comment: Error in attribute conversion operation, data 0, vece) for add 
> > operation 
> > [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
> > (boccherini:636): windows_replay_update: Cannot replay add operation.
> >   
> It's hard to tell without knowing which attribute is complaining 
> about.  But I would guess that, since this data has been migrated 
> from NT4, some of the attributes have changed syntax, and MS AD does 
> not like the old values, or perhaps doesn't like the empty values.
> >
> >
> > ---------- Original Message -----------
> > From: Richard Megginson <rmeggins at redhat.com>
> > To: "General discussion list for the Fedora Directory server project." 
> > <fedora-directory-users at redhat.com>
> > Sent: Tue, 28 Nov 2006 10:09:32 -0700
> > Subject: Re: [Fedora-directory-users] Windows Sync Error
> >
> >   
> >> Glenn wrote:
> >>     
> >>> I'm still trying to get my evaluation copy of Red Hat Directory Server 
> >>> 7.1SP3 to sync with Windows Active Directory.  The latest hitch is an 
> >>>       
> > error 
> >   
> >>> message following an initial re-synchronization attempt.  The Directory 
> >>> Server has a few hundred users imported from a Windows NT domain.  The 
> >>> Active Directory server has none of those users, so the initial re-sync 
> >>> should add them to AD.  The error occurs when Windows Sync tries to add 
> >>>       
> > the 
> >   
> >>> first user entry to the Active Directory.  The message is:
> >>>
> >>> Attempting to add entry cn=John Doe,ou=Domain 
> >>>       
> > Users,dc=ad,dc=example,dc=com 
> >   
> >>> to AD for local entry uid=jdoe,ou=people,o=ourorg.com
> >>>
> >>> Followed by:
> >>>
> >>> (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-
> >>>       
> > 0C090B38, 
> >   
> >>> comment: Error in attribute conversion operation, data 0, vece) for add 
> >>> operation
> >>>   
> >>>       
> >> Error 21 is
> >> #define LDAP_INVALID_SYNTAX             0x15    /* 21 */
> >>
> >> So AD thinks one of the attributes sent over has an invalid value 
> >> that doesn't correspond to the syntax it is expecting, or something 
> >> like that. It might be helpful if you post the LDIF of the entry it 
> >> has problems with, being careful to obscure any private data.
> >>     
> >>> I would appreciate any insight.  Hoping to see if this actually works 
> >>>       
> > before 
> >   
> >>> the 30-day evaluation runs out.  Thanks.   -Glenn.
> >>>
> >>>

More information about the Fedora-directory-users mailing list