LDAP_OBJECT_CLASS_VIOLATION when syncing L attribute on a Group

  • 3440949
  • 20-Oct-2006
  • 26-Apr-2012

Environment

Novell Identity Manager Driver - Active Directory Driver

Situation

On a Group object, if the driver tries to sync the eDirectory 'L' attribute to the physicalDeliveryOfficeName attribute in Active Directory on Windows, an LDAP_OBJECT_CLASS_VIOLATION will occur. This is because, in Active Directory, there is no equivalent to physicalDeliveryOfficeName for Group objects as there is for User objects.
In the trace, something similar to the following may appear:
DirXML Log Event -------------------
Driver: \LAB159TREE\system\services\idm\DrvrSet0\AD0
Channel: Subscriber
Object: \LAB159TREE\myorgs\novell\testGroup0
Status: Error
Message: ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">
ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">Object Class Violation
0000207D: UpdErr: DSID-03150F9C, problem 6002
(OBJ_CLASS_VIOLATION), data 0



Resolution

For any existing Active Directory drivers, edit the filter and, on the Group class, delete the "L" attribute. In future versions of the Active Directory driver, this problem will be fixed in the Pre-config.
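
One way to check an exported driver filter for this condition and produce a copy with "L" removed from the Group class only. This is an added example, not code from Novell or from this document; the filter XML layout (filter-class and filter-attr elements) and the sample filter are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported driver filter. The element and attribute
# names are an assumed DirXML filter layout, not taken from this document.
SAMPLE_FILTER = """<filter>
  <filter-class class-name="User" publisher="sync" subscriber="sync">
    <filter-attr attr-name="L" publisher="sync" subscriber="sync"/>
    <filter-attr attr-name="Surname" publisher="sync" subscriber="sync"/>
  </filter-class>
  <filter-class class-name="Group" publisher="sync" subscriber="sync">
    <filter-attr attr-name="Description" publisher="sync" subscriber="sync"/>
    <filter-attr attr-name="L" publisher="ignore" subscriber="sync"/>
    <filter-attr attr-name="Member" publisher="sync" subscriber="sync"/>
  </filter-class>
</filter>"""


def find_group_l(root):
    """Return (class_element, attr_element) pairs for 'L' on the Group class."""
    hits = []
    for cls in root.iter("filter-class"):
        # Compare names case-insensitively; other classes (e.g. User) are skipped.
        if cls.get("class-name", "").lower() != "group":
            continue
        for attr in cls.findall("filter-attr"):
            if attr.get("attr-name", "").lower() == "l":
                hits.append((cls, attr))
    return hits


def strip_group_l(filter_xml):
    """Remove 'L' from the Group class only; return (fixed_xml, removed_count)."""
    root = ET.fromstring(filter_xml)
    hits = find_group_l(root)
    for cls, attr in hits:
        cls.remove(attr)
    return ET.tostring(root, encoding="unicode"), len(hits)


if __name__ == "__main__":
    fixed, removed = strip_group_l(SAMPLE_FILTER)
    print(f"removed {removed} 'L' entry(ies) from the Group class")
    print(fixed)
```

The User class keeps its "L" entry, since physicalDeliveryOfficeName exists for User objects in Active Directory.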