iammi Absent Member.

Query AD for 'distinguishedName' attribute error Code(-8003)


Hello

I am performing the following query on Active Directory


Code:
--------------------
<query class-name="User" event-id="0" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="sAMAccountName">
<value type="string">ammiis</value>
</search-attr>
<read-attr attr-name="CN"/>
<read-attr attr-name="distinguishedName"/>
</query>
--------------------


the result is


Code:
--------------------
<output>
<instance class-name="user" event-id="0" src-dn="CN=Paula BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh">
<association>a1560ddf101d1546a9c7d432e517d533</association>
<attr attr-name="cn">
<value naming="true" type="string">Paula BOENSEL</value>
</attr>
<attr attr-name="distinguishedName">
<value association-ref="a1560ddf101d1546a9c7d432e517d533" naming="true" type="dn">CN=Paula BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh</value>
</attr>
</instance>
<status event-id="0" level="success"/>
</output>
--------------------



but a little later I have


Code:
--------------------
DirXML Log Event -------------------
Driver: \IDV\LVM\Services\DrvSet\ActiveDirectory
Channel: Subscriber
Object: \IDV\LVM\Persons\FR\Internals\FRI000001
Status: Warning
Message: Code(-8003) Unable to synchronize reference to CN=Paula BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh from attribute lvmADUserDN.
--------------------


The complete trace


<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<query class-name="User" event-id="0" scope="subtree">
<search-class class-name="User"/>
<search-attr attr-name="sAMAccountName">
<value type="string">ammiis</value>
</search-attr>
<read-attr attr-name="CN"/>
<read-attr attr-name="distinguishedName"/>
</query>
</input>
</nds>
[12/29/11 10:31:22.801]:ActiveDirectory ST: Remote Interface
Driver: Document sent.
[12/29/11 10:31:22.941]:ActiveDirectory :Remote Interface Driver:
Received.
[12/29/11 10:31:22.942]:ActiveDirectory :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20110211_120000"
instance="\IDV\LVM\Services\DrvSet\ActiveDirectory"
version="3.5.14">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="user" event-id="0" src-dn="CN=Paula
BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis
Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh">
<association>a1560ddf101d1546a9c7d432e517d533</association>
<attr attr-name="cn">
<value naming="true" type="string">Paula BOENSEL</value>
</attr>
<attr attr-name="distinguishedName">
<value association-ref="a1560ddf101d1546a9c7d432e517d533"
naming="true" type="dn">CN=Paula
BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis
Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh</value>
</attr>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>
[12/29/11 10:31:22.950]:ActiveDirectory :Remote Interface Driver:
Received document for subscriber channel
[12/29/11 10:31:22.950]:ActiveDirectory :Remote Interface Driver:
Waiting for receive...
[12/29/11 10:31:22.951]:ActiveDirectory ST:
SubscriptionShim.execute() returned:
[12/29/11 10:31:22.951]:ActiveDirectory ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20110211_120000"
instance="\IDV\LVM\Services\DrvSet\ActiveDirectory"
version="3.5.14">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="user" event-id="0" src-dn="CN=Paula
BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis
Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh">
<association>a1560ddf101d1546a9c7d432e517d533</association>
<attr attr-name="cn">
<value naming="true" type="string">Paula BOENSEL</value>
</attr>
<attr attr-name="distinguishedName">
<value association-ref="a1560ddf101d1546a9c7d432e517d533"
naming="true" type="dn">CN=Paula
BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis
Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh</value>
</attr>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>
[12/29/11 10:31:22.960]:ActiveDirectory ST: No input
transformation policies.
[12/29/11 10:31:22.960]:ActiveDirectory ST: Applying schema
mapping policies to input.
[12/29/11 10:31:22.961]:ActiveDirectory ST: Applying policy:
%+C%14Csmp-MappingRule%-C.
[12/29/11 10:31:22.962]:ActiveDirectory ST: Mapping
class-name 'user' to 'User'.
[12/29/11 10:31:22.963]:ActiveDirectory ST: Resolving
association references.
[12/29/11 10:31:22.964]:ActiveDirectory ST:
DirXML Log Event -------------------
Driver: \IDV\LVM\Services\DrvSet\ActiveDirectory
Channel: Subscriber
Object: \IDV\LVM\Persons\FR\Internals\FRI000001
Status: Warning
Message: Code(-8003) Unable to synchronize reference to CN=Paula
BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis
Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh from
attribute distinguishedName.
[12/29/11 10:31:22.968]:ActiveDirectory ST: Query from
policy result
[12/29/11 10:31:22.969]:ActiveDirectory ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20110211_120000"
instance="\IDV\LVM\Services\DrvSet\ActiveDirectory"
version="3.5.14">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<instance class-name="User" event-id="0" src-dn="CN=Paula
BOENSEL,OU=Users,OU=Accounts,OU=Paris,OU=Office,OU=Louis
Vuitton,OU=Cp-France,DC=d1-int,DC=cougar-int,DC=ms,DC=lvmh">
<association>a1560ddf101d1546a9c7d432e517d533</association>
<attr attr-name="cn">
<value naming="true" type="string">Paula BOENSEL</value>
</attr>
</instance>
<status event-id="0" level="success"/>
</output>
</nds>


--
iammi
------------------------------------------------------------------------
iammi's Profile: http://forums.novell.com/member.php?userid=71308
View this thread: http://forums.novell.com/showthread.php?t=450093

Knowledge Partner

Re: Query AD for 'distinguishedName' attribute error Code(-8003)

The user you found in AD has a DN reference, in distinguished name.
This DN comes with the calculated Assoc-ref (GUID in AD).

But there is no matching user in eDir with that association value.

Therefore the engine is telling you it cannot convert the LDAP DN in a
DN syntax field to an eDir DN of an associated object.


iammi Absent Member.

Re: Query AD for 'distinguishedName' attribute error Code(-8003)


Thanks a lot,

Is there any way to query the 'dn' attribute in AD?

Regards


Knowledge Partner

Re: Query AD for 'distinguishedName' attribute error Code(-8003)

On 12/29/2011 6:56 AM, iammi wrote:
>
> Thanks a lot,
>
> Is there any way to query the 'dn' attribute in AD?


Depends what you are trying to do.

I suspect what you really want is the DN of the user in AD, right?

Ok, set local variable QUERY to a query token that gets your user,
whatever it takes. But make QUERY a node set variable.

Then set local variable AD-DN (a string this time) to the XPATH $QUERY/@src-dn

If you knew the object was associated, and you had the association value
in the event (use the Association noun token, or XPATH of association),
then you could use the Resolve token to resolve from assoc to DN or DN
to assoc in source or dest, as you need it.

This @src-dn approach works for all systems, since AD is somewhat unique
in that it actually has a DN attribute. Though I guess eDir will return
entryDN in an LDAP query. Dunno if IDM Query will return entryDN or not
though.
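
The two local variables described in the reply above, written out as a DirXML Script rule (an added example, not part of the original posts). The rule description, the class condition, `datastore="dest"` for a Subscriber-channel policy, the trace action and the `[1]` index that pins the XPath to the first match are assumptions; the search value is the one from the original query.

```xml
<rule>
  <description>Read the AD DN of a user from the query result's src-dn (added example)</description>
  <conditions>
    <and>
      <if-class-name mode="nocase" op="equal">User</if-class-name>
    </and>
  </conditions>
  <actions>
    <!-- QUERY is a node set: it holds the <instance> elements the AD shim returns. -->
    <do-set-local-variable name="QUERY" scope="policy">
      <arg-node-set>
        <!-- On the Subscriber channel the destination datastore is AD (assumption). -->
        <token-query class-name="User" datastore="dest" scope="subtree">
          <arg-match-attr name="sAMAccountName">
            <arg-value type="string">
              <token-text xml:space="preserve">ammiis</token-text>
            </arg-value>
          </arg-match-attr>
          <!-- Only CN is read. distinguishedName is left out on purpose: it comes
               back as a type="dn" value with an association-ref, which is the value
               the engine could not resolve (Code -8003) in the trace above. -->
          <arg-string>
            <token-text xml:space="preserve">CN</token-text>
          </arg-string>
        </token-query>
      </arg-node-set>
    </do-set-local-variable>
    <!-- AD-DN is a plain string taken from the instance's src-dn attribute, so no
         DN-syntax reference conversion is involved. [1] selects the first match. -->
    <do-set-local-variable name="AD-DN" scope="policy">
      <arg-string>
        <token-xpath expression="$QUERY[1]/@src-dn"/>
      </arg-string>
    </do-set-local-variable>
    <!-- Write the value to the driver trace so the result can be checked. -->
    <do-trace-message level="1">
      <arg-string>
        <token-text xml:space="preserve">AD-DN = </token-text>
        <token-local-variable name="AD-DN"/>
      </arg-string>
    </do-trace-message>
  </actions>
</rule>
```

An empty AD-DN after this rule means the query matched no object, which is worth testing for before the value is written anywhere.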


iammi Absent Member.

Re: Query AD for 'distinguishedName' attribute error Code(-8003)


Thanks a lot, it works !

