Identity Manager jclient error when creating user.


We have built an OES Netware 6.5 server and installed Bundle Identity Manager (comes with OES) on it and a Microsoft 2000 server with AD.

Everything seems to work, eDir and AD communicate, but we get the following error on the Netware server when creating a user in AD:

jclient error 9010
DS error -610

Any help would be appreciated.  
Who is Participating?
As always with IDM, the best way to diagnose is to analyse the trace. In the properties for the IDM driver in eDirectory set the trace level to 5. Then from the Netware console set dstrace=on, set dstrace=+dxml, set dstrace=+dvrs, set ttf=on. Then perform the action which gives you the error. After that set ttf=off so you don't get extra pages of XML to sift through.

Copy dstrace.dbg from sys:system and print it off. I find it a lot easier to trace through them as hard copies with a bunch of different coloured highlight pens.

The Illegal_DS_Name applies as I'm sure you know to those in excess of 255 characters, and combinations of special characters. The '\' character may be followed only by a '.' or '=' or '+' or '\'. I also suspect it's prefixing the CN with the domain name for some reason. It shouldn't do; the default AD driver should strip out that information.

I suspect that the username in AD is not legal in eDirectory. Either that, or it exists, but I think that would be a different error code.

You may have to adjust the conversion rules if you want to allow a name in AD that's illegal in eDir (or vice versa).
taborrgAuthor Commented:

Intriguing - do you suppose AD is sending names with a "/" as in "domain/username"?

How would we detect, and change that?


Its possible that's the cause. I don't know the Designer interface, really. I played with it some in IDM v2.0, but I haven't been hands-on with IBM v3.0. Somewhere in the publisher/subscriber configuration is the translation logic.

Also, check out this AppNote -->

Its not of direct relation to your Question, but towards the end of that AppNote are some DSTRACE commands for NetWare that may help you capture the failing transaction so you can see exactly what its trying to do that's causing problems.
taborrgAuthor Commented:
Thanks guys, neither answer was a direct hit - but the combintation pointed us in the right direction.

There was a problem with LDAP usage on a FQDN that resolved the issue.

I appreciate the quick help!


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.