Modify RDN

  • Question

  • Hello,

    For various reasons I won't go into we are using the latest version of the Generic LDAP connector to sync users and groups to AD LDS.

    The sync rule for groups is pretty straightforward with the usual two attribute flows for DN (IFO and persistent) and a bunch of others, none of which are CN before you ask!  The DN is constructed from CN=accountname,OU=etc,etc

    The problem occurs when a group manager renames one of his groups and modifies the accountName in MIM.  Although this flows to AD fine, in AD LDS it errors because in the LDAP world it has to delete the Old RDN before it can write the new RDN.  We can prove this by doing it manually in LDP.exe, whereby if you don't select to delete the Old RDN the operation fails.

    Any ideas as to why we cannot do this with the Generic LDAP MA?

    TIA

    Rob

    Tuesday, February 12, 2019 3:23 PM
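
Added example, not part of the original thread and not connector code: a small model of the LDAP ModifyDN operation as RFC 4511 describes it, showing why a rename that keeps the old RDN value is rejected when the naming attribute may hold only one value. Assumptions: `cn` is single-valued in the target schema, the entry and group names are constructed, and DN parsing is simplified (no escaped commas).

```python
class ConstraintViolation(Exception):
    """The rename would leave a single-valued attribute with two values."""

SINGLE_VALUED = {"cn"}  # assumption: naming attribute is single-valued

# Constructed sample entry (not taken from the thread).
SAMPLE = {
    "dn": "CN=Sales-Team,OU=Groups,DC=example,DC=com",
    "attrs": {"cn": ["Sales-Team"], "description": ["Constructed group"]},
}


def split_rdn(rdn):
    """Split 'CN=value' into ('cn', 'value')."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def modify_dn(entry, new_rdn, delete_old_rdn):
    """Return a renamed copy of entry, following RFC 4511 ModifyDN semantics."""
    old_rdn, _, parent = entry["dn"].partition(",")
    old_attr, old_val = split_rdn(old_rdn)
    new_attr, new_val = split_rdn(new_rdn)
    attrs = {name: list(vals) for name, vals in entry["attrs"].items()}

    if delete_old_rdn:
        # deleteoldrdn TRUE: the old RDN value is removed from the entry.
        attrs[old_attr] = [v for v in attrs.get(old_attr, [])
                           if v.lower() != old_val.lower()]
    # The new RDN value is always added if the entry does not already have it.
    values = attrs.setdefault(new_attr, [])
    if new_val.lower() not in (v.lower() for v in values):
        values.append(new_val)
    # deleteoldrdn FALSE keeps the old value, so cn now has two values.
    if new_attr in SINGLE_VALUED and len(values) > 1:
        raise ConstraintViolation(f"{new_attr} would hold {values}")
    return {"dn": f"{new_rdn},{parent}", "attrs": attrs}


if __name__ == "__main__":
    print(modify_dn(SAMPLE, "CN=Sales-EMEA", delete_old_rdn=True)["dn"])
    try:
        modify_dn(SAMPLE, "CN=Sales-EMEA", delete_old_rdn=False)
    except ConstraintViolation as exc:
        print("rename rejected:", exc)
```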

Answers

  • Hi,

    The Generic LDAP Connector has its quirks and is one of the more buggy Connectors provided OOB.

    I take it you're changing the DN (RDN) of the group?

    Try also flowing the "cn" attribute. We had this problem, and flowing the cn as well solved the problem.

    Br,

    Leo

    • Edited by Leo Erlandsson Wednesday, February 13, 2019 7:12 AM
    • Marked as answer by rob_wood Wednesday, February 13, 2019 2:52 PM
    Wednesday, February 13, 2019 7:12 AM

All replies

  • Thanks Leo,

    Ordinarily this wouldn't be necessary as the cn is formed from the dn but in this case flowing accountName to cn has resolved the issue.

    Rob

    Wednesday, February 13, 2019 2:53 PM
  • Hi,

    Yes, ordinarily this isn't necessary. It shouldn't be necessary either ;)

    But the Generic Connectors (SQL and LDAP) have their quirks... unfortunately ;)

    Glad it solved your issue Rob!

    Br,

    Leo

    Wednesday, February 13, 2019 3:22 PM