[Fedora-directory-users] Windows Sync Error

Richard Megginson rmeggins at redhat.com
Tue Nov 28 23:28:39 UTC 2006 

Glenn wrote:
> I wasn't thinking when I said the directory server data was imported from 
> NT.  It actually came from a Netscape Directory server.  Just as a test, I 
> exported a few users to an ldif file and tried to use the ldifde on the W2003 
> domain controller to import them.  It seems to find a syntax error on every 
> line in the file, making it impossible to narrow it down.
>   
Do you have any trailing white space in those values?
> I can't possibly be the only person who has run into this problem.  Hoping 
> someone can shed some light.  Thanks.   -Glenn.
>
>
> ---------- Original Message -----------
> From: Richard Megginson <rmeggins at redhat.com>
> To: "General discussion list for the Fedora Directory server project." 
> <fedora-directory-users at redhat.com>
> Sent: Tue, 28 Nov 2006 10:46:52 -0700
> Subject: Re: [Fedora-directory-users] Windows Sync Error
>
>   
>> Glenn wrote:
>>     
>>> Posting the log entries near the error, including what appears to be the 
>>> ldif.  Thanks.   -G.
>>>
>>> [28/Nov/2006:10:37:08 -0600] - Windows sync entry: Created new remote 
>>>       
> entry:
>   
>>>  dn: cn=John Doe,ou=Domain Users,dc=ad,dc=example,dc=com
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalperson
>>> objectClass: user
>>> userprincipalname: jdoe at ad.example.com
>>> samaccountname: jdoe
>>> mail: jdoe at example.com
>>> userparameters:
>>> description: Reference Librarian
>>> sn: Doe
>>> telephoneNumber: 817-555-1234
>>> codepage:: AAAAAA==
>>> cn: John Doe
>>> userworkstations:
>>> title: Electronic Reference Librarian
>>> homeDirectory:
>>> profilepath:
>>> givenName: John
>>> facsimileTelephoneNumber: 817-555-2345
>>> scriptpath: nt_script.bat
>>>
>>> [28/Nov/2006:10:37:08 -0600] - Attempting to add entry cn=John 
>>>       
> Doe,ou=Domain 
>   
>>> Users,dc=ad,dc=example,dc=com to AD for local entry uid=jdoe,ou=people, 
>>> o=ourorg.org
>>> [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
>>> (boccherini:636): Received result code 21 (00000057: LdapErr: DSID-
>>>       
> 0C090B38, 
>   
>>> comment: Error in attribute conversion operation, data 0, vece) for add 
>>> operation 
>>> [28/Nov/2006:10:37:08 -0600] NSMMReplicationPlugin - agmt="cn=ldap-ad-5" 
>>> (boccherini:636): windows_replay_update: Cannot replay add operation.
>>>   
>>>       
>> It's hard to tell without knowing which attribute is complaining 
>> about.  But I would guess that, since this data has been migrated 
>> from NT4, some of the attributes have changed syntax, and MS AD does 
>> not like the old values, or perhaps doesn't like the empty values.
>>     
>>> ---------- Original Message -----------
>>> From: Richard Megginson <rmeggins at redhat.com>
>>> To: "General discussion list for the Fedora Directory server project." 
>>> <fedora-directory-users at redhat.com>
>>> Sent: Tue, 28 Nov 2006 10:09:32 -0700
>>> Subject: Re: [Fedora-directory-users] Windows Sync Error
>>>
>>>   
>>>       
>>>> Glenn wrote:
>>>>     
>>>>         
>>>>> I'm still trying to get my evaluation copy of Red Hat Directory Server 
>>>>> 7.1SP3 to sync with Windows Active Directory.  The latest hitch is an 
>>>>>       
>>>>>           
>>> error 
>>>   
>>>       
>>>>> message following an initial re-synchronization attempt.  The Directory 
>>>>> Server has a few hundred users imported from a Windows NT domain.  The 
>>>>> Active Directory server has none of those users, so the initial re-sync 
>>>>> should add them to AD.  The error occurs when Windows Sync tries to add 
>>>>>       
>>>>>           
>>> the 
>>>   
>>>       
>>>>> first user entry to the Active Directory.  The message is:
>>>>>
>>>>> Attempting to add entry cn=John Doe,ou=Domain 
>>>>>       
>>>>>           
>>> Users,dc=ad,dc=example,dc=com 
>>>   
>>>       
>>>>> to AD for local entry uid=jdoe,ou=people,o=ourorg.com
>>>>>
>>>>> Followed by:
>>>>>
>>>>> (ADserver:636): Received result code 21 (00000057: LdapErr: DSID-
>>>>>       
>>>>>           
>>> 0C090B38, 
>>>   
>>>       
>>>>> comment: Error in attribute conversion operation, data 0, vece) for add 
>>>>> operation
>>>>>   
>>>>>       
>>>>>           
>>>> Error 21 is
>>>> #define LDAP_INVALID_SYNTAX             0x15    /* 21 */
>>>>
>>>> So AD thinks one of the attributes sent over has an invalid value 
>>>> that doesn't correspond to the syntax it is expecting, or something 
>>>> like that. It might be helpful if you post the LDIF of the entry it 
>>>> has problems with, being careful to obscure any private data.
>>>>     
>>>>         
>>>>> I would appreciate any insight.  Hoping to see if this actually works 
>>>>>       
>>>>>           
>>> before 
>>>   
>>>       
>>>>> the 30-day evaluation runs out.  Thanks.   -Glenn.
>>>>>
>>>>>  
>>>>>           
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20061128/032cf99b/attachment.bin>

More information about the Fedora-directory-users mailing list