Issue has nothing to do with apache directory studio or ADLDS. Once I saw the packet capture I was able to identify the issue pretty quickly. Turns out to be a bug in MyVD where we were unnecessarily trying to be a little too smart by half with the bound credentials and weren't passing them through when we needed to do a pass-through bind to the downstream LDAP server.
Thanks On Thu, Feb 3, 2022 at 7:50 PM Emmanuel Lécharny <[email protected]> wrote: > > > On 03/02/2022 21:21, Marc Boorshtein wrote: > > This is a shot in the dark but I figured I'd ask. I've got a deployment > > of MyVD that is sitting in front of ADLDS. With Apache Directory > > Studio, 99% of the time, an ldapmodify add/delete uniqueMember > > generates an operations error from ADLDS with no additional error > > message. > > Do you have the full error message? > > Also how many members do you have in your group ? (M$ sets a Max Value > flr such a group and you may have reached the limit) > > What's really odd is the same operation using ldapmodify from > > openldap (and nearly every other client including some legacy ones that > > i'd be ashamed to admit are still out there) it works just fine. > > > > I can't reproduce the issue locally. The only thing I could think of is > > if some how the text encoding of the ldapmodify values is changing but > > at least in my own environment the values are byte-for-byte the same > > into MyVD as they are to ADLDS (did packet captures). > > > > Going to do packet captures on the customer site but anyone have any > > thoughts on this? it's baffling. > > Yeah, I guess we need the packet capture to figure out what's the > difference... > > > > > Thanks > > Marc > > -- > *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE > T. +33 (0)4 89 97 36 50 > P. +33 (0)6 08 33 32 61 > [email protected] https://www.busit.com/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
