The NT synch plugin is vgetoing your modify because changing those attributes would
confuse it. To add them, disable the plugin while you make the modification.
Jim McCullars wrote:
> Greetings:
>
> I'm trying to use a perLDAP script to add ntUser attributes to existing
> directory entries so that the NT Directory Synchronization will propogate
> those entries to an NT domain. I can add the attributes via LDIF statements,
> and I can add them when creating a directory entry with perLDAP, but if I
> try to add the attributes to an existing directory entry, it fails. Here
> is the code to add the attributes. Note that I have already connected and
> retrieved the entry:
>
> $entry = $ldap->search($baseDN, "sub", "(employeeNumber=$employeenumber)",0);
> if (! $entry) {
> print"No entry for $employeenumber\n";
> next;
> }
> $uid = $entry->{uid}[0];
> $entry->addValue("objectclass", "ntUser");
> $entry->setValues("ntUserDomainID", "ISPCLAB:$uid");
> my $a = "$entry->{ntuserdomainid}[0]";
> print"a is $a\n";
> print"The uid is $uid\n";
> #$entry->setValues("ntUserCreateNewAccount", "true");
> #$entry->setValues("ntUserDeleteAccount", "true");
> $ret = $ldap->update($entry);
> print"The return code was $ret\n";
> $ldap->printError() if $ldap->getErrorCode();
>
> When I try running the script, here is the output:
>
> a is ISPCLAB:aaronj
> The uid is aaronj
> The return code was 0
> LDAP error: DSA is unwilling to perform
>
> and the error log shows this:
>
> [05/Oct/2001:08:47:45 -0500] - libntsynch_send_modify_opern_to_ss failed
> [05/Oct/2001:08:47:45 -0500] - preop modify of DN: "uid=aaronj,ou=people,dc=uah,
> dc=edu" - vetoed by plugin, readonly attribute being modified
>
> I can't figure our what readonly attribute the plugin thinks I am trying
> to modify, because all I am doing is adding the ntUser objectclass, and adding
> the three attributes ntUserDomainID, ntUserCreateNewAccount, and
> ntUserDeleteAccount. That exact code works if I am creating the directory
> entry instead of trying to modify an existing one. Can anyone shed any light
> on this? Thanks...
>
> Jim
> P.S. - Running Directory Server 4.13 under Solaris 2.6. The script
> (in case it's the SDK that's having the problem) is running under Solaris
> 2.5.1.
>
> *-------------------------------------------------------------------------*
> * James H. McCullars I Phone: (256) 824-2610 *
> * Director of Systems & Operations I Fax: (256) 824-6643 *
> * Information Services I Internet: [EMAIL PROTECTED] *
> * The University of Alabama I -----------------------------------*
> * in Huntsville I *
> * Huntsville, AL 35899 I This space for rent - CHEAP! *
> *-------------------------------------------------------------------------*
