I ran into a small problem where one of my users has a uid that is 22 characters in length and I received the [LDAP: error code 80 - 00000523] error. I looked up the error and its:
Active Directory has a limitation of 20 characters for the user account name; for example, uid or cn. If you create a user with more than 20 character Is there a way around this other than shortening the users uid name? Thanks, Brian -----Original Message----- From: Clément OUDOT [mailto:[email protected]] Sent: Thursday, November 03, 2011 4:48 AM To: Rohler, Brian L Cc: [email protected] Subject: Re: [lsc-users] LDAP: error code 53 - 00002077 2011/11/3 Rohler, Brian L <[email protected]>: > I'm actually getting very close to being able to put the dst.uid in place of > the src.cn. Why is ldap complaining with error code 34? > > Nov 02 23:45:59 - DEBUG - Synchronizing user for {gidnumber=3000, > uid=Tom Smith, uidnumber=4146} Nov 02 23:45:59 - DEBUG - In entry > "CN=tsmith,CN=Users": List of attributes considered for writing in > destination: [sn, AD.userAccountControl, cn, sAMAccountName, > gidNumber, uidNumber, objectClass, givenName] Nov 02 23:45:59 - DEBUG > - In entry "CN=tsmith,CN=Users": Attribute "sn" is in FORCE status > Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding > attribute "sn" with values [tsmith] Nov 02 23:45:59 - DEBUG - In entry > "CN=tsmith,CN=Users": Attribute "AD.userAccountControl" is in FORCE > status Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": > Attribute "AD.userAccountControl" will not be written to the > destination Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": > Attribute "cn" is in FORCE status Nov 02 23:45:59 - DEBUG - In entry > "CN=tsmith,CN=Users": Adding attribute "cn" with values [Tom Smith] > Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute > "sAMAccountName" is in FORCE status Nov 02 23:45:59 - DEBUG - In entry > "CN=tsmith,CN=Users": Adding attribute "sAMAccountName" with values > [tsmith] Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": > Attribute "gidNumber" is in FORCE status Nov 02 23:45:59 - DEBUG - In entry > "CN=tsmith,CN=Users": Adding attribute "gidNumber" with values [3000] Nov 02 > 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "uidNumber" is > in FORCE status Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": > Adding attribute "uidNumber" with values [4146] Nov 02 23:45:59 - DEBUG - In > entry "CN=tsmith,CN=Users": Attribute "objectClass" is in FORCE status Nov > 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Adding attribute > "objectClass" with values [organizationalPerson, person, user, top] Nov 02 > 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": Attribute "givenName" is > in FORCE status Nov 02 23:45:59 - DEBUG - In entry "CN=tsmith,CN=Users": > Adding attribute "givenName" with values [Tom Smith] Nov 02 23:45:59 - ERROR > - Error while adding entry CN=tsmith,CN=Users in directory > :javax.naming.InvalidNameException: CN=tsmith,CN=Users: [LDAP: error code 34 > - 00002081: NameErr: DSID-03050C42, problem 2003 (BAD_ATT_SYNTAX), data 0, > best match of: > 'CN=tsmith,CN=Users,dc=example,dc=local' > ]; remaining name 'CN=tsmith,CN=Users' > Nov 02 23:45:59 - ERROR - Error while synchronizing ID > CN=tsmith,CN=Users: java.lang.Exception: Technical problem while > applying modifications to directory Nov 02 23:45:59 - DEBUG - > java.lang.Exception: Technical problem while applying modifications to > directory > java.lang.Exception: Technical problem while applying modifications to > directory > at > org.lsc.AbstractSynchronize.synchronize2Ldap(AbstractSynchronize.java: > 399) [lsc-core-1.2.1.jar:na] > at > org.lsc.SimpleSynchronize.launchTask(SimpleSynchronize.java:272) > [lsc-core-1.2.1.jar:na] > at org.lsc.SimpleSynchronize.launch(SimpleSynchronize.java:155) > [lsc-core-1.2.1.jar:na] > at org.lsc.Launcher.run(Launcher.java:151) > [lsc-core-1.2.1.jar:na] > at org.lsc.Launcher.main(Launcher.java:123) > [lsc-core-1.2.1.jar:na] > dn: CN=tsmith,CN=Users,DC=example,DC=local > changetype: add > sn: tsmith > cn: Tom Smith > sAMAccountName: tsmith > gidNumber: 3000 > uidNumber: 4146 > objectClass: organizationalPerson > objectClass: person > objectClass: user > objectClass: top > givenName: Tom Smith Hi, please check your configuration, because what I see is that the CN value inside the entry is not the CN value from the DN. You maybe swapped cn and sn in your configuration. You must build a correct entry to be able to add it in AD. You can try to add it manually with ldapadd to do tests. Clément. _______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
