
HELP! Can not update AD attributes via passive LDAP - getting "problem 5012 (DIR_ERROR)"


Ramunas Berulis

May 15, 2012, 7:51:43 AM
Hi

I have a script for an LDAP Passive (SSL) connector to Active Directory.
If I try to put a new entry, everything works fine. But if I try to
modify it using removeAllAttributeValues, replaceAttributeValue or
similar, it always fails with "problem 5012 (DIR_ERROR)".

Here is the script:

var entry=system.newEntry();
entry.addAttributeValue("$dn","CN=Group1,CN=users,DC=test,DC=lan");
entry.addAttributeValue("objectClass","group");
entry.addAttributeValue("member","CN=Administrator,CN=users,DC=test,DC=lan");
LdapConnector.getConnector().putEntry(entry);
LdapConnector.getConnector().removeAllAttributeValues("CN=Group1", "member");

Output is:

14:35:37,249 INFO - [LdapConnector] CTGDJQ001I Using LDAP SSL
connection. Ensure TCP port number is changed accordingly.
14:35:37,296 INFO - CTGDIS087I Iterating.
14:35:37,624 INFO - [LdapConnector] CTGDJQ071E The modification
failed. An exception occurred while tring to remove all the attribute
values: javax.naming.NamingException: [LDAP: error code 1 - 000020D6:
SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0

The result is: the group is created with Administrator as a member, but
the member is not removed and the script fails on the last line.

I have tried to change mode for LdapConnector to update, delta and
other modes, tried to change link criteria and so on, nothing helped.

What can be wrong? Why am I allowed to create new entries but not
allowed to modify them?

Thanks
Ramunas

Hydel

May 15, 2012, 9:22:48 AM
Hello Ramunas,

Try calling removeAllAttributeValues() with the DN "CN=Group1,CN=users,DC=test,DC=lan" and not with the RDN "CN=Group1".

Regards,
Jukka

Ramunas Berulis

May 15, 2012, 10:07:05 AM
Hello Jukka


It seems that the name is good, because the TDI LDAP connector reports a
BAD_NAME error when the name is not OK.
The following tests show the same result for $dn:

TEST1:

LdapConnector.getConnector().removeAllAttributeValues("$dn=\"CN=Group1,CN=users,DC=test,DC=lan\"", "member");

17:02:00,046 INFO - [LdapConnector] CTGDJQ071E The modification
failed. An exception occurred while tring to remove all the attribute
values: javax.naming.NamingException: [LDAP: error code 1 - 000020D6:
SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0 ; Remaining
name: '$dn="CN=Group1,CN=users,DC=test,DC=lan"'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3093)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2999)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2806)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1467


TEST2:

LdapConnector.getConnector().removeAllAttributeValues("$dn=CN=Group1,CN=users,DC=test,DC=lan", "member");

16:59:56,046 INFO - [LdapConnector] CTGDJQ071E The modification
failed. An exception occurred while tring to remove all the attribute
values: javax.naming.InvalidNameException:
$dn=CN=Group1,CN=users,DC=test,DC=lan: [LDAP: error code 34 -
0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349,
best match of:
'$dn=CN=Group1,CN=users,DC=test,DC=lan'


TEST2 shows a BAD_NAME error, so I think that the TEST1 filter is OK, and
the CN=Group1 filter is OK too.

But why is "problem 5012 (DIR_ERROR)" thrown?

I use TDI 7.1 FP6 and Active Directory on Windows 2008 R2.

Regards
Ramunas

Hydel

May 16, 2012, 12:45:30 PM
Use this format:

LdapConnector.getConnector().removeAllAttributeValues("CN=Group1,CN=users,DC=test,DC=lan","member");

Regards
Jukka

Ramunas Berulis

May 17, 2012, 12:12:16 AM
Works perfectly! Many thanks!
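
The fix in this thread was to pass the full DN as the modify target. As an added example (not part of the thread and not TDI's own code), a plain JavaScript pre-flight check that accepts only a full DN under an expected base and rejects the other name forms tried above. The base DN is taken from the thread's sample data, and the names splitDn and checkModifyTarget are hypothetical.

```javascript
// Added example, not from the thread. BASE_DN comes from the thread's sample
// data; splitDn and checkModifyTarget are hypothetical helper names.
var BASE_DN = "DC=test,DC=lan";

// Split a DN into RDNs on commas that are neither backslash-escaped nor quoted.
function splitDn(dn) {
  var parts = [], cur = "", inQuotes = false;
  for (var i = 0; i < dn.length; i++) {
    var ch = dn.charAt(i);
    if (ch === "\\" && i + 1 < dn.length) {   // keep the escaped pair together
      cur += ch + dn.charAt(++i);
      continue;
    }
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === "," && !inQuotes) {
      parts.push(cur.trim());
      cur = "";
      continue;
    }
    cur += ch;
  }
  parts.push(cur.trim());
  return parts;
}

// Returns "ok", "malformed-rdn", "bad-attribute-type" or "not-under-base".
function checkModifyTarget(name, baseDn) {
  var rdns = splitDn(name), base = splitDn(baseDn);
  for (var i = 0; i < rdns.length; i++) {
    var eq = rdns[i].indexOf("=");
    if (eq <= 0 || eq === rdns[i].length - 1) return "malformed-rdn";
    var type = rdns[i].substring(0, eq).trim();
    // Attribute type must be a descriptor (CN, DC, ...) or a dotted numeric OID.
    if (!/^([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)$/.test(type)) return "bad-attribute-type";
  }
  if (rdns.length < base.length) return "not-under-base";
  for (var j = 1; j <= base.length; j++) {      // compare the suffix, ignoring case
    var a = rdns[rdns.length - j].toLowerCase();
    if (a !== base[base.length - j].toLowerCase()) return "not-under-base";
  }
  return "ok";
}

// The name forms tried in the thread:
var tried = ["CN=Group1", '$dn="CN=Group1,CN=users,DC=test,DC=lan"',
  "$dn=CN=Group1,CN=users,DC=test,DC=lan", "CN=Group1,CN=users,DC=test,DC=lan"];
for (var k = 0; k < tried.length; k++) {
  console.log(tried[k] + " -> " + checkModifyTarget(tried[k], BASE_DN));
}
```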