Identity Manager jclient error when creating user.

Posted on 2006-05-16
Last Modified: 2013-12-03

We have built an OES Netware 6.5 server and installed Bundle Identity Manager (comes with OES) on it and a Microsoft 2000 server with AD.

Everything seems to work, eDir and AD communicate, but we get the following error on the Netware server when creating a user in AD:

jclient error 9010
DS error -610

Any help would be appreciated.  
Question by:taborrg
    LVL 34

    Assisted Solution

    I suspect that the username in AD is not legal in eDirectory. Either that, or it exists, but I think that would be a different error code.

    You may have to adjust the conversion rules if you want to allow a name in AD that's illegal in eDir (or vice versa).
    LVL 1

    Author Comment


    Intriguing - do you suppose AD is sending names with a "/" as in "domain/username"?

    How would we detect, and change that?


    LVL 34

    Expert Comment

    Its possible that's the cause. I don't know the Designer interface, really. I played with it some in IDM v2.0, but I haven't been hands-on with IBM v3.0. Somewhere in the publisher/subscriber configuration is the translation logic.

    Also, check out this AppNote -->

    Its not of direct relation to your Question, but towards the end of that AppNote are some DSTRACE commands for NetWare that may help you capture the failing transaction so you can see exactly what its trying to do that's causing problems.
    LVL 19

    Accepted Solution

    As always with IDM, the best way to diagnose is to analyse the trace. In the properties for the IDM driver in eDirectory set the trace level to 5. Then from the Netware console set dstrace=on, set dstrace=+dxml, set dstrace=+dvrs, set ttf=on. Then perform the action which gives you the error. After that set ttf=off so you don't get extra pages of XML to sift through.

    Copy dstrace.dbg from sys:system and print it off. I find it a lot easier to trace through them as hard copies with a bunch of different coloured highlight pens.

    The Illegal_DS_Name applies as I'm sure you know to those in excess of 255 characters, and combinations of special characters. The '\' character may be followed only by a '.' or '=' or '+' or '\'. I also suspect it's prefixing the CN with the domain name for some reason. It shouldn't do; the default AD driver should strip out that information.

    LVL 1

    Author Comment

    Thanks guys, neither answer was a direct hit - but the combintation pointed us in the right direction.

    There was a problem with LDAP usage on a FQDN that resolved the issue.

    I appreciate the quick help!



    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    As with any other System Center product, the installation for the Authoring Tool can be quite a pain sometimes. This article serves to help you avoid making these mistakes and hopefully save you a ton of time on troubleshooting :)  Step 1: Make sur…
    In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now