I'm trying to use a perLDAP script to add ntUser attributes to existing
directory entries so that the NT Directory Synchronization will propagate
those entries to an NT domain.  I can add the attributes via LDIF statements,
and I can add them when creating a directory entry with perLDAP, but if I 
try to add the attributes to an existing directory entry, it fails.  Here
is the code to add the attributes.  Note that I have already connected and
retrieved the entry:

  $entry = $ldap->search($baseDN, "sub", "(employeeNumber=$employeenumber)",0);
  if (! $entry) {
    print"No entry for $employeenumber\n";
    next;
  }
  $uid = $entry->{uid}[0];
  $entry->addValue("objectclass", "ntUser");
  $entry->setValues("ntUserDomainID", "ISPCLAB:$uid");
  my $a = "$entry->{ntuserdomainid}[0]";
  print"a is $a\n";
  print"The uid is $uid\n";
  #$entry->setValues("ntUserCreateNewAccount", "true");
  #$entry->setValues("ntUserDeleteAccount", "true");
  $ret = $ldap->update($entry);
  print"The return code was $ret\n";
  $ldap->printError() if $ldap->getErrorCode();

When I try running the script, here is the output:

a is ISPCLAB:aaronj
The uid is aaronj
The return code was 0
LDAP error: DSA is unwilling to perform

and the error log shows this:

[05/Oct/2001:08:47:45 -0500] - libntsynch_send_modify_opern_to_ss failed
[05/Oct/2001:08:47:45 -0500] - preop modify of DN: "uid=aaronj,ou=people,dc=uah,dc=edu" - vetoed by plugin, readonly attribute being modified

I can't figure out what readonly attribute the plugin thinks I am trying
to modify, because all I am doing is adding the ntUser objectclass, and adding
the three attributes ntUserDomainID, ntUserCreateNewAccount, and
ntUserDeleteAccount.  That exact code works if I am creating the directory
entry instead of trying to modify an existing one.  Can anyone shed any light
on this?  Thanks...

Jim
P.S. - Running Directory Server 4.13 under Solaris 2.6.  The script 
(in case it's the SDK that's having the problem) is running under Solaris
2.5.1.

*-------------------------------------------------------------------------*
* James H. McCullars                 I Phone: (256) 824-2610              *
* Director of Systems & Operations   I Fax:   (256) 824-6643              *
* Information Services               I Internet: [EMAIL PROTECTED]    *
* The University of Alabama          I -----------------------------------*
*    in Huntsville                   I                                    *
* Huntsville, AL 35899               I This space for rent - CHEAP!       *
*-------------------------------------------------------------------------*
