Identity Manager jclient error when creating user.

Posted on 2006-05-16
Medium Priority
Last Modified: 2013-12-03

We have built an OES Netware 6.5 server and installed Bundle Identity Manager (comes with OES) on it and a Microsoft 2000 server with AD.

Everything seems to work, eDir and AD communicate, but we get the following error on the Netware server when creating a user in AD:

jclient error 9010
DS error -610

Any help would be appreciated.  
Question by:taborrg
  • 2
  • 2
LVL 34

Assisted Solution

PsiCop earned 750 total points
ID: 16696341
I suspect that the username in AD is not legal in eDirectory. Either that, or it exists, but I think that would be a different error code.

You may have to adjust the conversion rules if you want to allow a name in AD that's illegal in eDir (or vice versa).

Author Comment

ID: 16696415

Intriguing - do you suppose AD is sending names with a "/" as in "domain/username"?

How would we detect, and change that?


LVL 34

Expert Comment

ID: 16696455
Its possible that's the cause. I don't know the Designer interface, really. I played with it some in IDM v2.0, but I haven't been hands-on with IBM v3.0. Somewhere in the publisher/subscriber configuration is the translation logic.

Also, check out this AppNote --> http://www.novell.com/coolsolutions/appnote/17230.html

Its not of direct relation to your Question, but towards the end of that AppNote are some DSTRACE commands for NetWare that may help you capture the failing transaction so you can see exactly what its trying to do that's causing problems.
LVL 19

Accepted Solution

alextoft earned 750 total points
ID: 16697360
As always with IDM, the best way to diagnose is to analyse the trace. In the properties for the IDM driver in eDirectory set the trace level to 5. Then from the Netware console set dstrace=on, set dstrace=+dxml, set dstrace=+dvrs, set ttf=on. Then perform the action which gives you the error. After that set ttf=off so you don't get extra pages of XML to sift through.

Copy dstrace.dbg from sys:system and print it off. I find it a lot easier to trace through them as hard copies with a bunch of different coloured highlight pens.

The Illegal_DS_Name applies as I'm sure you know to those in excess of 255 characters, and combinations of special characters. The '\' character may be followed only by a '.' or '=' or '+' or '\'. I also suspect it's prefixing the CN with the domain name for some reason. It shouldn't do; the default AD driver should strip out that information.


Author Comment

ID: 16726850
Thanks guys, neither answer was a direct hit - but the combintation pointed us in the right direction.

There was a problem with LDAP usage on a FQDN that resolved the issue.

I appreciate the quick help!



Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
MSSQL DB-maintenance also needs implementation of multiple activities. However, unprecedented errors can hamper the database management. In that case, deploying Stellar SQL Database Toolkit ensures fast and accurate database and backup repair as wel…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question