Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

AD to AD Sync

278 views
Skip to first unread message

Bill

unread,
Apr 18, 2011, 3:52:37 PM4/18/11
to
Hello. I am trying to setup sync certain users between two ad
domains. I have
1) AD read connector that reads certain object and
2) LDAP AD update connector that connects to the second domain and
adds/update objects

During this process the DN is changed so the origional object is
placed in a different OU.

Everything seems to work correctly if the object doesn't exist in the
2nd forrest or ad domain. However, if the object exist, the update
fails with following error:

Note: this works fine if I sync between two different TDS 6.1
servers. can you please help?

15:43:49 [2. Write ADEDEV] CTGDIS495I handleException , update,
javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr:
DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3
]; remaining name 'cn=adm-yadah157,OU=MARRTEST
Objects,DC=dev1,DC=dev,DC=test,DC=com'
15:43:49 [2. Write ADEDEV] CTGDIS810E handleException - cannot handle
exception , update
javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr:
DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3
]; remaining name 'cn=adm-yadah157,OU=MARRTEST
Objects,DC=dev1,DC=dev,DC=test,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3044)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2946)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2752)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1452)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:
270)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:
187)
at
javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:
164)
at com.ibm.di.connector.LDAPConnector.modEntry(Unknown Source)
at com.ibm.di.server.AssemblyLineComponent.modify(Unknown Source)
at com.ibm.di.server.AssemblyLineComponent.update(Unknown Source)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown
Source)
at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source)
at com.ibm.di.server.AssemblyLine.run(Unknown Source)
15:43:49 CTGDIS266E Error in NextConnectorOperation. Exception
occurred: javax.naming.NamingException: [LDAP: error code 80 -
00002089: UpdErr: DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3
]; remaining name 'cn=adm-yadah157,OU=MARRTEST
Objects,DC=dev1,DC=dev,DC=test,DC=com'
javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr:
DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3
]; remaining name 'cn=adm-yadah157,OU=MARRTEST
Objects,DC=dev1,DC=dev,DC=test,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3044)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2946)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2752)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1452)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:
270)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:
187)
at
javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:
164)
at com.ibm.di.connector.LDAPConnector.modEntry(Unknown Source)
at com.ibm.di.server.AssemblyLineComponent.modify(Unknown Source)
at com.ibm.di.server.AssemblyLineComponent.update(Unknown Source)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown
Source)
at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source)
at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source)
at com.ibm.di.server.AssemblyLine.run(Unknown Source)

Bill

unread,
Apr 18, 2011, 9:56:16 PM4/18/11
to

The problem was corrected. It was an issue with AD not allowing $DN,
distanguishedName, CN attributes to be modifed in update mode

mdpe...@gmail.com

unread,
Oct 2, 2012, 4:53:09 PM10/2/12
to
On Monday, April 18, 2011 9:56:16 PM UTC-4, Bill wrote:
> On Apr 18, 3:52 pm, Bill <ldap.engineer...@gmail.com> wrote: > Hello.  I am trying to setup sync certain users between two ad > domains.  I have > 1) AD read connector that reads certain object and > 2) LDAP AD update connector that connects to the second domain and > adds/update objects> > During this process the DN is changed so the origional object is > placed in a different OU.> > Everything seems to work correctly if the object doesn't exist in the > 2nd forrest or ad domain.  However, if the object exist, the update > fails with following error:> > Note: this works fine if I sync between two different TDS 6.1 > servers.  can you please help?> > 15:43:49  [2. Write ADEDEV] CTGDIS495I handleException , update, > javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: > DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3 >  ]; remaining name 'cn=adm-yadah157,OU=MARRTEST > Objects,DC=dev1,DC=dev,DC=test,DC=com' > 15:43:49  [2. Write ADEDEV] CTGDIS810E handleException - cannot handle > exception , update > javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: > DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3 >  ]; remaining name 'cn=adm-yadah157,OU=MARRTEST > Objects,DC=dev1,DC=dev,DC=test,DC=com' >         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3044) >         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2946) >         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2752) >         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1452) >         at > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java: > 270)>         at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java: > 187)>         at > javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java: > 164) >         at com.ibm.di.connector.LDAPConnector.modEntry(Unknown Source) >         at com.ibm.di.server.AssemblyLineComponent.modify(Unknown Source) >         at com.ibm.di.server.AssemblyLineComponent.update(Unknown Source) >         at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown > Source) >         at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source) >         at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source) >         at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source) >         at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source) >         at com.ibm.di.server.AssemblyLine.run(Unknown Source) > 15:43:49  CTGDIS266E Error in NextConnectorOperation. Exception > occurred: javax.naming.NamingException: [LDAP: error code 80 - > 00002089: UpdErr: DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3 >  ]; remaining name 'cn=adm-yadah157,OU=MARRTEST > Objects,DC=dev1,DC=dev,DC=test,DC=com' > javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: > DSID-031B0CEC, problem 5012 (DIR_ERROR), data 3 >  ]; remaining name 'cn=adm-yadah157,OU=MARRTEST > Objects,DC=dev1,DC=dev,DC=test,DC=com' >         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3044) >         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2946) >         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2752) >         at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1452) >         at > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java: > 270)>         at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java: > 187)>         at > javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java: > 164) >         at com.ibm.di.connector.LDAPConnector.modEntry(Unknown Source) >         at com.ibm.di.server.AssemblyLineComponent.modify(Unknown Source) >         at com.ibm.di.server.AssemblyLineComponent.update(Unknown Source) >         at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(Unknown > Source) >         at com.ibm.di.server.AssemblyLine.executeMainStep(Unknown Source) >         at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source) >         at com.ibm.di.server.AssemblyLine.executeMainLoop(Unknown Source) >         at com.ibm.di.server.AssemblyLine.executeAL(Unknown Source) >         at com.ibm.di.server.AssemblyLine.run(Unknown Source) The problem was corrected. It was an issue with AD not allowing $DN, distanguishedName, CN attributes to be modifed in update mode

bill, how do you change the AD setting to allow the update of these attributes? I'm faced with this exact error message.
0 new messages