Users not created in AD or eDir

I have a netware 6.5 with IDM3 and win2k3 remote loader. Everything
seems to be ok in my DSTrace.log file on my win2k3 server. When i
create a user in AD this is what the log file says and there is no user
created in eDir ( the other way around doesn't work either):

<nds dtdversion="2.2">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <input>
                <add class-name="user" event-id="Active
Directory##109211d31fb##0"
src-dn="CN=test dude,OU=Iisg,DC=microiisg,DC=com">
                       
<association>48ae9f611f0a6349a469a90fd3aa0011</association>
                        <add-attr attr-name="cn">
                                <value type="string">test dude</value>
                        </add-attr>
                        <add-attr attr-name="dirxml-uACAccountDisable">
                                <value type="state">false</value>
                        </add-attr>
                        <add-attr attr-name="displayName">
                                <value type="string" naming="false">test
dude</value>
                        </add-attr>
                        <add-attr attr-name="givenName">
                                <value type="string"
naming="false">test</value>
                        </add-attr>
                        <add-attr attr-name="sAMAccountName">
                                <value type="string"
naming="false">tdude</value>
                        </add-attr>
                        <add-attr attr-name="sn">
                                <value type="string"
naming="false">dude</value>
                        </add-attr>
                </add>
        </input>
</nds>
DirXML: [01/31/06 16:38:15.05]: Loader: Received 'publisher reply'
document
DirXML: [01/31/06 16:38:15.05]: Loader: XML Document:
DirXML: [01/31/06 16:38:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <output>
                <status event-id="Active Directory##109211d31fb##0"
level="warning">Code(-8016) Operation vetoed by object matching
policy.<application>DirXML</application>
                        <module>Active Directory</module>
                        <object-dn>CN=test
dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
                        <component>Publisher</component>
                </status>
        </output>
</nds>
DirXML: [01/31/06 16:38:15.05]: Loader: DirXML returned:
DirXML: [01/31/06 16:38:15.05]: Loader: XML Document:
DirXML: [01/31/06 16:38:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <output>
                <status event-id="Active Directory##109211d31fb##0"
level="warning">Code(-8016) Operation vetoed by object matching
policy.<application>DirXML</application>
                        <module>Active Directory</module>
                        <object-dn>CN=test
dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
                        <component>Publisher</component>
                </status>
        </output>
</nds>
DirXML: [01/31/06 16:38:15.05]:
DirXML Log Event -------------------
    Driver  = \MICRO\micro\ADeDirDriver\Active Directory
    Thread  = Publisher Channel
    Object  = CN=test dude,OU=Iisg,DC=microiisg,DC=com
    Level   = warning
    Message = Code(-8016) Operation vetoed by object matching
policy.<application>DirXML</application>
<module>Active Directory</module>
<object-dn>CN=test dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
<component>Publisher</component>
DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
PasswordSync::getUserData()
DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
PasswordSync::getUserData().... checking that RPC Server is listening
DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
PasswordSync::getUserData().... checking that RPC Server is listening
DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfoByUser()
DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfoByUser() Looking for specific Username[tdude]
DirXML: [01/31/06 16:38:15.08]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- acquire the mutex.
DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- mutex acquired.
DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- get number of registry keys.
DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0]
lpszUserName[tdude].
DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- release the mutex.
DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- mutex released.
DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- close the cache.
DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfoByUser() returned 0x00000000
DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD]
PasswordSync::getUserData() returned 0x00000000
DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD 1800]
PassSyncCache::FreeSyncData()
DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD 1800]
PassSyncCache::FreeSyncData() returned.
DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
PasswordSync::DataEnum()
DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
PasswordSync::DataEnum().... checking that RPC Server is listening
DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
PasswordSync::DataEnum().... checking that RPC Server is listening
DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfo()
DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfo() Looking for specific Username[(null)]
DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800] GetPwdInfo() -
open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800] GetPwdInfo() -
acquire the mutex.
DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
mutex acquired.
DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() - get
number of registry keys.
DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
dwSubKeys[0] dwPrefMaxEntries[-2] *lpdwResumeHandle[0]
lpszUserName[(null)].
DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
Query only returned 0.
DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD 1800] GetPwdInfo() -
release the mutex.
DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD 1800] GetPwdInfo() -
mutex released.
DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD]
PasswordSync::DataEnum() returned 0x00000000
DirXML: [01/31/06 16:38:15.14]: Loader: Received document from
publicationShim
DirXML: [01/31/06 16:38:15.14]: Loader: XML Document:
DirXML: [01/31/06 16:38:15.15]: <nds dtdversion="2.2">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <input>
                <init-params>
                        <publisher-state>
                               
<cookie>TVNEUwMAAACw3K5ZfCbGAQAAAAAAAAAAKAAAAFXwAQAAAAAAAAAAAAAAAABV8AEAAAAAALkMY6HymVJJm5mqA99KzKIBAAAAAAAAAAEAAAAAAAAAuQxjofKZUkmbmaoD30rMolXwAQAAAAAA</cookie>
                        </publisher-state>
                </init-params>
        </input>
</nds>
DirXML: [01/31/06 16:38:15.15]: Loader: Writing driver state to file
DirXML: [01/31/06 16:38:15.15]: Loader: Document consists only of
state; not sending to remote side
DirXML: [01/31/06 16:38:15.15]: Loader: Returning to publisher:
DirXML: [01/31/06 16:38:15.15]: Loader: XML Document:
DirXML: [01/31/06 16:38:15.16]: <nds ndsversion="8.6" dtdversion="1.0">
        <output>
                <status level="success"/>
        </output>
</nds>
DirXML: [01/31/06 16:38:15.16]: ADDriver: object changes complete 
DirXML: [01/31/06 16:39:14.91]: ADDriver: Publisher Poll
DirXML: [01/31/06 16:39:14.91]: ADDriver: get object changes - 0x0000
DirXML: [01/31/06 16:39:14.91]: ADDriver: process object change entry
DirXML: [01/31/06 16:39:14.91]: ADDriver: Processing change from AD:
isDeleted: NULL, whenCreated NULL, name NULL
DirXML: [01/31/06 16:39:14.91]: ADDriver: Publisher MODIFY
DirXML: [01/31/06 16:39:14.92]: ADDriver: Publisher Modify-
effectiveClassQuery  dn=CN=test dude,OU=Iisg,DC=microiisg,DC=com
className=user
DirXML: [01/31/06 16:39:14.92]: ADDriver: cn
DirXML: [01/31/06 16:39:14.92]: ADDriver: description
DirXML: [01/31/06 16:39:14.92]: ADDriver: dirxml-uACAccountDisable
DirXML: [01/31/06 16:39:14.93]: ADDriver: displayName
DirXML: [01/31/06 16:39:14.93]: ADDriver: facsimileTelephoneNumber
DirXML: [01/31/06 16:39:14.93]: ADDriver: givenName
DirXML: [01/31/06 16:39:14.93]: ADDriver: initials
DirXML: [01/31/06 16:39:14.93]: ADDriver: l
DirXML: [01/31/06 16:39:14.94]: ADDriver: logonHours
DirXML: [01/31/06 16:39:14.94]: ADDriver: mail
DirXML: [01/31/06 16:39:14.94]: ADDriver: physicalDeliveryOfficeName
DirXML: [01/31/06 16:39:14.94]: ADDriver: postOfficeBox
DirXML: [01/31/06 16:39:14.94]: ADDriver: postalCode
DirXML: [01/31/06 16:39:14.94]: ADDriver: sAMAccountName
DirXML: [01/31/06 16:39:14.95]: ADDriver: sn
DirXML: [01/31/06 16:39:14.95]: ADDriver: st
DirXML: [01/31/06 16:39:14.95]: ADDriver: streetAddress
DirXML: [01/31/06 16:39:14.95]: ADDriver: telephoneNumber
DirXML: [01/31/06 16:39:14.95]: ADDriver: title
DirXML: [01/31/06 16:39:14.96]: Loader: Received document from
publicationShim
DirXML: [01/31/06 16:39:14.96]: Loader: XML Document:
DirXML: [01/31/06 16:39:14.96]: <nds dtdversion="2.2">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <input>
                <modify class-name="user" event-id="Active
Directory##109211e1c6b##0"
src-dn="CN=test dude,OU=Iisg,DC=microiisg,DC=com">
                       
<association>48ae9f611f0a6349a469a90fd3aa0011</association>
                        <modify-attr attr-name="mail">
                                <remove-all-values/>
                                <add-value>
                                        <value type="string"
naming="false">t...@microiisg.com</value>
                                </add-value>
                        </modify-attr>
                </modify>
        </input>
</nds>
DirXML: [01/31/06 16:39:15.05]: Loader: Received 'publisher query back'
document
DirXML: [01/31/06 16:39:15.05]: Loader: XML Document:
DirXML: [01/31/06 16:39:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <input>
                <query class-name="user" event-id="0" scope="entry">
                       
<association>48ae9f611f0a6349a469a90fd3aa0011</association>
                        <read-attr attr-name="cn"/>
                        <read-attr attr-name="description"/>
                        <read-attr attr-name="sAMAccountName"/>
                        <read-attr attr-name="facsimileTelephoneNumber"/>
                        <read-attr attr-name="displayName"/>
                        <read-attr attr-name="givenName"/>
                        <read-attr attr-name="initials"/>
                        <read-attr attr-name="mail"/>
                        <read-attr attr-name="physicalDeliveryOfficeName"/>
                        <read-attr attr-name="logonHours"/>
                        <read-attr attr-name="dirxml-uACAccountDisable"/>
                        <read-attr attr-name="nspmDistributionPassword"/>
                        <read-attr attr-name="l"/>
                        <read-attr attr-name="postalCode"/>
                        <read-attr attr-name="postOfficeBox"/>
                        <read-attr attr-name="st"/>
                        <read-attr attr-name="streetAddress"/>
                        <read-attr attr-name="sn"/>
                        <read-attr attr-name="telephoneNumber"/>
                        <read-attr attr-name="title"/>
                </query>
        </input>
</nds>
DirXML: [01/31/06 16:39:15.05]: Loader: DirXML returned:
DirXML: [01/31/06 16:39:15.05]: Loader: XML Document:
DirXML: [01/31/06 16:39:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <input>
                <query class-name="user" event-id="0" scope="entry">
                       
<association>48ae9f611f0a6349a469a90fd3aa0011</association>
                        <read-attr attr-name="cn"/>
                        <read-attr attr-name="description"/>
                        <read-attr attr-name="sAMAccountName"/>
                        <read-attr attr-name="facsimileTelephoneNumber"/>
                        <read-attr attr-name="displayName"/>
                        <read-attr attr-name="givenName"/>
                        <read-attr attr-name="initials"/>
                        <read-attr attr-name="mail"/>
                        <read-attr attr-name="physicalDeliveryOfficeName"/>
                        <read-attr attr-name="logonHours"/>
                        <read-attr attr-name="dirxml-uACAccountDisable"/>
                        <read-attr attr-name="nspmDistributionPassword"/>
                        <read-attr attr-name="l"/>
                        <read-attr attr-name="postalCode"/>
                        <read-attr attr-name="postOfficeBox"/>
                        <read-attr attr-name="st"/>
                        <read-attr attr-name="streetAddress"/>
                        <read-attr attr-name="sn"/>
                        <read-attr attr-name="telephoneNumber"/>
                        <read-attr attr-name="title"/>
                </query>
        </input>
</nds>
DirXML: [01/31/06 16:39:15.05]: ADDriver: parse command

  className    user
  destDN
  eventId      0
  association  48ae9f611f0a6349a469a90fd3aa0011
DirXML: [01/31/06 16:39:15.05]: ADDriver: query
DirXML: [01/31/06 16:39:15.05]: ADDriver: query constraints
DirXML: [01/31/06 16:39:15.05]: ADDriver: Connect using ldap_bind:
user=administrator, domain=microiisg, password=***, method=negotiate,
server=sbs.microiisg.com, sign=no, seal=no ssl=no
DirXML: [01/31/06 16:39:15.08]: ADDriver: ldap_bind connection
succeeded
DirXML: [01/31/06 16:39:15.08]: ADDriver:    warning: read-attr
nspmDistributionPasswordnot in schema
DirXML: [01/31/06 16:39:15.09]: ADDriver: query
  base DN: CN=test dude,OU=Iisg,DC=microiisg,DC=com,
  filter: (objectClass=*),
   return: (attribute values) objectClass, objectGUID, cn, description,
userAccountControl, displayName, facsimileTelephoneNumber, givenName,
initials, l, logonHours, mail, physicalDeliveryOfficeName,
postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
telephoneNumber, title,
DirXML: [01/31/06 16:39:15.09]: ADDriver: query
  base DN: CN=test dude,OU=Iisg,DC=microiisg,DC=com,
  filter: (objectClass=*),
   return: (attribute values) objectClass, objectGUID, cn, description,
userAccountControl, displayName, facsimileTelephoneNumber, givenName,
initials, l, logonHours, mail, physicalDeliveryOfficeName,
postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
telephoneNumber, title,
DirXML: [01/31/06 16:39:15.09]: ADDriver: ldap get next page (
2147483647)
DirXML: [01/31/06 16:39:15.09]: ADDriver: ldap get next page (
2147483647)
DirXML: [01/31/06 16:39:15.16]: Loader: Received 'publisher reply'
document
DirXML: [01/31/06 16:39:15.16]: Loader: XML Document:
DirXML: [01/31/06 16:39:15.16]: <nds dtdversion="3.0" ndsversion="8.x">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <output>
                <status event-id="Active Directory##109211e1c6b##0"
level="warning">Code(-8016) Operation vetoed by object matching
policy.<application>DirXML</application>
                        <module>Active Directory</module>
                        <object-dn>CN=test
dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
                        <component>Publisher</component>
                </status>
        </output>
</nds>
DirXML: [01/31/06 16:39:15.16]: Loader: DirXML returned:
DirXML: [01/31/06 16:39:15.17]: Loader: XML Document:
DirXML: [01/31/06 16:39:15.17]: <nds dtdversion="3.0" ndsversion="8.x">
        <source>
                <product version="3.0.0.20051118 ">DirXML</product>
                <contact>Novell, Inc.</contact>
        </source>
        <output>
                <status event-id="Active Directory##109211e1c6b##0"
level="warning">Code(-8016) Operation vetoed by object matching
policy.<application>DirXML</application>
                        <module>Active Directory</module>
                        <object-dn>CN=test
dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
                        <component>Publisher</component>
                </status>
        </output>
</nds>
DirXML: [01/31/06 16:39:15.17]:
DirXML Log Event -------------------
    Driver  = \MICRO\micro\ADeDirDriver\Active Directory
    Thread  = Publisher Channel
    Object  = CN=test dude,OU=Iisg,DC=microiisg,DC=com
    Level   = warning
    Message = Code(-8016) Operation vetoed by object matching
policy.<application>DirXML</application>
<module>Active Directory</module>
<object-dn>CN=test dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
<component>Publisher</component>
DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
PasswordSync::getUserData()
DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
PasswordSync::getUserData().... checking that RPC Server is listening
DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
PasswordSync::getUserData().... checking that RPC Server is listening
DirXML: [01/31/06 16:39:15.18]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfoByUser()
DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfoByUser() Looking for specific Username[tdude]
DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- acquire the mutex.
DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- mutex acquired.
DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- get number of registry keys.
DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0]
lpszUserName[tdude].
DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- release the mutex.
DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- mutex released.
DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
- close the cache.
DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
PassSyncCache::GetPwdInfoByUser() returned 0x00000000
DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD]
PasswordSync::getUserData() returned 0x00000000
DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
PassSyncCache::FreeSyncData()
DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
PassSyncCache::FreeSyncData() returned.
DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD]
PasswordSync::DataEnum()
DirXML: [01/31/06 ...
0
wnbahadoer
1/31/2006 10:40:39 PM
novell.id-manager.drivers 10360 articles. 0 followers. Follow

10 Replies
1149 Views

Similar Articles

[PageSpeed] 53

The only spot I see in the matching policy that veto's is where it checks
to make sure users are not out of scope.  Is this user in the scope where
you set the driver to synchronize from/to?  If not, create a user in the
correct scope.

As a note, trace level 3 or 5 would be better than whichever level you are
showing here.  Make sure you are sending the engine-side trace as well if
anything.

Good luck.




> I have a netware 6.5 with IDM3 and win2k3 remote loader. Everything
> seems to be ok in my DSTrace.log file on my win2k3 server. When i
> create a user in AD this is what the log file says and there is no user
> created in eDir ( the other way around doesn't work either):
> 
> <nds dtdversion="2.2">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <add class-name="user" event-id="Active
> Directory##109211d31fb##0"
> src-dn="CN=test dude,OU=Iisg,DC=microiisg,DC=com">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <add-attr attr-name="cn">
>                                 <value type="string">test dude</value>
>                         </add-attr>
>                         <add-attr attr-name="dirxml-uACAccountDisable">
>                                 <value type="state">false</value>
>                         </add-attr>
>                         <add-attr attr-name="displayName">
>                                 <value type="string" naming="false">test
> dude</value>
>                         </add-attr>
>                         <add-attr attr-name="givenName">
>                                 <value type="string"
> naming="false">test</value>
>                         </add-attr>
>                         <add-attr attr-name="sAMAccountName">
>                                 <value type="string"
> naming="false">tdude</value>
>                         </add-attr>
>                         <add-attr attr-name="sn">
>                                 <value type="string"
> naming="false">dude</value>
>                         </add-attr>
>                 </add>
>         </input>
> </nds>
> DirXML: [01/31/06 16:38:15.05]: Loader: Received 'publisher reply'
> document
> DirXML: [01/31/06 16:38:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211d31fb##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:38:15.05]: Loader: DirXML returned:
> DirXML: [01/31/06 16:38:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211d31fb##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:38:15.05]:
> DirXML Log Event -------------------
>     Driver  = \MICRO\micro\ADeDirDriver\Active Directory
>     Thread  = Publisher Channel
>     Object  = CN=test dude,OU=Iisg,DC=microiisg,DC=com
>     Level   = warning
>     Message = Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
> <module>Active Directory</module>
> <object-dn>CN=test dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
> <component>Publisher</component>
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
> PasswordSync::getUserData()
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser()
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() Looking for specific Username[tdude]
> DirXML: [01/31/06 16:38:15.08]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - acquire the mutex.
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex acquired.
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - get number of registry keys.
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0]
> lpszUserName[tdude].
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - release the mutex.
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex released.
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - close the cache.
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() returned 0x00000000
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD]
> PasswordSync::getUserData() returned 0x00000000
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData()
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData() returned.
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
> PasswordSync::DataEnum()
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
> PasswordSync::DataEnum().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
> PasswordSync::DataEnum().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfo()
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfo() Looking for specific Username[(null)]
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800] GetPwdInfo() -
> open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800] GetPwdInfo() -
> acquire the mutex.
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
> mutex acquired.
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() - get
> number of registry keys.
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
> dwSubKeys[0] dwPrefMaxEntries[-2] *lpdwResumeHandle[0]
> lpszUserName[(null)].
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
> Query only returned 0.
> DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD 1800] GetPwdInfo() -
> release the mutex.
> DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD 1800] GetPwdInfo() -
> mutex released.
> DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD]
> PasswordSync::DataEnum() returned 0x00000000
> DirXML: [01/31/06 16:38:15.14]: Loader: Received document from
> publicationShim
> DirXML: [01/31/06 16:38:15.14]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.15]: <nds dtdversion="2.2">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <init-params>
>                         <publisher-state>
>                                
>
<cookie>TVNEUwMAAACw3K5ZfCbGAQAAAAAAAAAAKAAAAFXwAQAAAAAAAAAAAAAAAABV8AEAAAAAALkMY6HymVJJm5mqA99KzKIBAAAAAAAAAAEAAAAAAAAAuQxjofKZUkmbmaoD30rMolXwAQAAAAAA</cookie>
>                         </publisher-state>
>                 </init-params>
>         </input>
> </nds>
> DirXML: [01/31/06 16:38:15.15]: Loader: Writing driver state to file
> DirXML: [01/31/06 16:38:15.15]: Loader: Document consists only of
> state; not sending to remote side
> DirXML: [01/31/06 16:38:15.15]: Loader: Returning to publisher:
> DirXML: [01/31/06 16:38:15.15]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.16]: <nds ndsversion="8.6" dtdversion="1.0">
>         <output>
>                 <status level="success"/>
>         </output>
> </nds>
> DirXML: [01/31/06 16:38:15.16]: ADDriver: object changes complete 
> DirXML: [01/31/06 16:39:14.91]: ADDriver: Publisher Poll
> DirXML: [01/31/06 16:39:14.91]: ADDriver: get object changes - 0x0000
> DirXML: [01/31/06 16:39:14.91]: ADDriver: process object change entry
> DirXML: [01/31/06 16:39:14.91]: ADDriver: Processing change from AD:
> isDeleted: NULL, whenCreated NULL, name NULL
> DirXML: [01/31/06 16:39:14.91]: ADDriver: Publisher MODIFY
> DirXML: [01/31/06 16:39:14.92]: ADDriver: Publisher Modify-
> effectiveClassQuery  dn=CN=test dude,OU=Iisg,DC=microiisg,DC=com
> className=user
> DirXML: [01/31/06 16:39:14.92]: ADDriver: cn
> DirXML: [01/31/06 16:39:14.92]: ADDriver: description
> DirXML: [01/31/06 16:39:14.92]: ADDriver: dirxml-uACAccountDisable
> DirXML: [01/31/06 16:39:14.93]: ADDriver: displayName
> DirXML: [01/31/06 16:39:14.93]: ADDriver: facsimileTelephoneNumber
> DirXML: [01/31/06 16:39:14.93]: ADDriver: givenName
> DirXML: [01/31/06 16:39:14.93]: ADDriver: initials
> DirXML: [01/31/06 16:39:14.93]: ADDriver: l
> DirXML: [01/31/06 16:39:14.94]: ADDriver: logonHours
> DirXML: [01/31/06 16:39:14.94]: ADDriver: mail
> DirXML: [01/31/06 16:39:14.94]: ADDriver: physicalDeliveryOfficeName
> DirXML: [01/31/06 16:39:14.94]: ADDriver: postOfficeBox
> DirXML: [01/31/06 16:39:14.94]: ADDriver: postalCode
> DirXML: [01/31/06 16:39:14.94]: ADDriver: sAMAccountName
> DirXML: [01/31/06 16:39:14.95]: ADDriver: sn
> DirXML: [01/31/06 16:39:14.95]: ADDriver: st
> DirXML: [01/31/06 16:39:14.95]: ADDriver: streetAddress
> DirXML: [01/31/06 16:39:14.95]: ADDriver: telephoneNumber
> DirXML: [01/31/06 16:39:14.95]: ADDriver: title
> DirXML: [01/31/06 16:39:14.96]: Loader: Received document from
> publicationShim
> DirXML: [01/31/06 16:39:14.96]: Loader: XML Document:
> DirXML: [01/31/06 16:39:14.96]: <nds dtdversion="2.2">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <modify class-name="user" event-id="Active
> Directory##109211e1c6b##0"
> src-dn="CN=test dude,OU=Iisg,DC=microiisg,DC=com">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <modify-attr attr-name="mail">
>                                 <remove-all-values/>
>                                 <add-value>
>                                         <value type="string"
> naming="false">t...@microiisg.com</value>
>                                 </add-value>
>                         </modify-attr>
>                 </modify>
>         </input>
> </nds>
> DirXML: [01/31/06 16:39:15.05]: Loader: Received 'publisher query back'
> document
> DirXML: [01/31/06 16:39:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <query class-name="user" event-id="0" scope="entry">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <read-attr attr-name="cn"/>
>                         <read-attr attr-name="description"/>
>                         <read-attr attr-name="sAMAccountName"/>
>                         <read-attr attr-name="facsimileTelephoneNumber"/>
>                         <read-attr attr-name="displayName"/>
>                         <read-attr attr-name="givenName"/>
>                         <read-attr attr-name="initials"/>
>                         <read-attr attr-name="mail"/>
>                         <read-attr attr-name="physicalDeliveryOfficeName"/>
>                         <read-attr attr-name="logonHours"/>
>                         <read-attr attr-name="dirxml-uACAccountDisable"/>
>                         <read-attr attr-name="nspmDistributionPassword"/>
>                         <read-attr attr-name="l"/>
>                         <read-attr attr-name="postalCode"/>
>                         <read-attr attr-name="postOfficeBox"/>
>                         <read-attr attr-name="st"/>
>                         <read-attr attr-name="streetAddress"/>
>                         <read-attr attr-name="sn"/>
>                         <read-attr attr-name="telephoneNumber"/>
>                         <read-attr attr-name="title"/>
>                 </query>
>         </input>
> </nds>
> DirXML: [01/31/06 16:39:15.05]: Loader: DirXML returned:
> DirXML: [01/31/06 16:39:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <query class-name="user" event-id="0" scope="entry">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <read-attr attr-name="cn"/>
>                         <read-attr attr-name="description"/>
>                         <read-attr attr-name="sAMAccountName"/>
>                         <read-attr attr-name="facsimileTelephoneNumber"/>
>                         <read-attr attr-name="displayName"/>
>                         <read-attr attr-name="givenName"/>
>                         <read-attr attr-name="initials"/>
>                         <read-attr attr-name="mail"/>
>                         <read-attr attr-name="physicalDeliveryOfficeName"/>
>                         <read-attr attr-name="logonHours"/>
>                         <read-attr attr-name="dirxml-uACAccountDisable"/>
>                         <read-attr attr-name="nspmDistributionPassword"/>
>                         <read-attr attr-name="l"/>
>                         <read-attr attr-name="postalCode"/>
>                         <read-attr attr-name="postOfficeBox"/>
>                         <read-attr attr-name="st"/>
>                         <read-attr attr-name="streetAddress"/>
>                         <read-attr attr-name="sn"/>
>                         <read-attr attr-name="telephoneNumber"/>
>                         <read-attr attr-name="title"/>
>                 </query>
>         </input>
> </nds>
> DirXML: [01/31/06 16:39:15.05]: ADDriver: parse command
> 
>   className    user
>   destDN
>   eventId      0
>   association  48ae9f611f0a6349a469a90fd3aa0011
> DirXML: [01/31/06 16:39:15.05]: ADDriver: query
> DirXML: [01/31/06 16:39:15.05]: ADDriver: query constraints
> DirXML: [01/31/06 16:39:15.05]: ADDriver: Connect using ldap_bind:
> user=administrator, domain=microiisg, password=***, method=negotiate,
> server=sbs.microiisg.com, sign=no, seal=no ssl=no
> DirXML: [01/31/06 16:39:15.08]: ADDriver: ldap_bind connection
> succeeded
> DirXML: [01/31/06 16:39:15.08]: ADDriver:    warning: read-attr
> nspmDistributionPasswordnot in schema
> DirXML: [01/31/06 16:39:15.09]: ADDriver: query
>   base DN: CN=test dude,OU=Iisg,DC=microiisg,DC=com,
>   filter: (objectClass=*),
>    return: (attribute values) objectClass, objectGUID, cn, description,
> userAccountControl, displayName, facsimileTelephoneNumber, givenName,
> initials, l, logonHours, mail, physicalDeliveryOfficeName,
> postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
> telephoneNumber, title,
> DirXML: [01/31/06 16:39:15.09]: ADDriver: query
>   base DN: CN=test dude,OU=Iisg,DC=microiisg,DC=com,
>   filter: (objectClass=*),
>    return: (attribute values) objectClass, objectGUID, cn, description,
> userAccountControl, displayName, facsimileTelephoneNumber, givenName,
> initials, l, logonHours, mail, physicalDeliveryOfficeName,
> postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
> telephoneNumber, title,
> DirXML: [01/31/06 16:39:15.09]: ADDriver: ldap get next page (
> 2147483647)
> DirXML: [01/31/06 16:39:15.09]: ADDriver: ldap get next page (
> 2147483647)
> DirXML: [01/31/06 16:39:15.16]: Loader: Received 'publisher reply'
> document
> DirXML: [01/31/06 16:39:15.16]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.16]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211e1c6b##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:39:15.16]: Loader: DirXML returned:
> DirXML: [01/31/06 16:39:15.17]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.17]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211e1c6b##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:39:15.17]:
> DirXML Log Event -------------------
>     Driver  = \MICRO\micro\ADeDirDriver\Active Directory
>     Thread  = Publisher Channel
>     Object  = CN=test dude,OU=Iisg,DC=microiisg,DC=com
>     Level   = warning
>     Message = Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
> <module>Active Directory</module>
> <object-dn>CN=test dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
> <component>Publisher</component>
> DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
> PasswordSync::getUserData()
> DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:39:15.18]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser()
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() Looking for specific Username[tdude]
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - acquire the mutex.
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex acquired.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - get number of registry keys.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0]
> lpszUserName[tdude].
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - release the mutex.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex released.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - close the cache.
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() returned 0x00000000
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD]
> PasswordSync::getUserData() returned 0x00000000
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData()
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData() returned.
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD]
> PasswordSync::DataEnum()
> DirXML: [01/31/06 ...

0
ab
2/1/2006 2:09:44 AM
A trace from the engine side would be more revealing, but it looks like 
some attribute that is required by matching policy has not been 
populated or has been removed from the filter.


--

Father Ramon


wnbahadoer@wanadoo.nl wrote:
> I have a netware 6.5 with IDM3 and win2k3 remote loader. Everything
> seems to be ok in my DSTrace.log file on my win2k3 server. When i
> create a user in AD this is what the log file says and there is no user
> created in eDir ( the other way around doesn't work either):
> 
> <nds dtdversion="2.2">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <add class-name="user" event-id="Active
> Directory##109211d31fb##0"
> src-dn="CN=test dude,OU=Iisg,DC=microiisg,DC=com">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <add-attr attr-name="cn">
>                                 <value type="string">test dude</value>
>                         </add-attr>
>                         <add-attr attr-name="dirxml-uACAccountDisable">
>                                 <value type="state">false</value>
>                         </add-attr>
>                         <add-attr attr-name="displayName">
>                                 <value type="string" naming="false">test
> dude</value>
>                         </add-attr>
>                         <add-attr attr-name="givenName">
>                                 <value type="string"
> naming="false">test</value>
>                         </add-attr>
>                         <add-attr attr-name="sAMAccountName">
>                                 <value type="string"
> naming="false">tdude</value>
>                         </add-attr>
>                         <add-attr attr-name="sn">
>                                 <value type="string"
> naming="false">dude</value>
>                         </add-attr>
>                 </add>
>         </input>
> </nds>
> DirXML: [01/31/06 16:38:15.05]: Loader: Received 'publisher reply'
> document
> DirXML: [01/31/06 16:38:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211d31fb##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:38:15.05]: Loader: DirXML returned:
> DirXML: [01/31/06 16:38:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211d31fb##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:38:15.05]:
> DirXML Log Event -------------------
>     Driver  = \MICRO\micro\ADeDirDriver\Active Directory
>     Thread  = Publisher Channel
>     Object  = CN=test dude,OU=Iisg,DC=microiisg,DC=com
>     Level   = warning
>     Message = Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
> <module>Active Directory</module>
> <object-dn>CN=test dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
> <component>Publisher</component>
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
> PasswordSync::getUserData()
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser()
> DirXML: [01/31/06 16:38:15.05]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() Looking for specific Username[tdude]
> DirXML: [01/31/06 16:38:15.08]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - acquire the mutex.
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex acquired.
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - get number of registry keys.
> DirXML: [01/31/06 16:38:15.09]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0]
> lpszUserName[tdude].
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - release the mutex.
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex released.
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - close the cache.
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() returned 0x00000000
> DirXML: [01/31/06 16:38:15.10]: ADDriver: [PWD]
> PasswordSync::getUserData() returned 0x00000000
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData()
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData() returned.
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
> PasswordSync::DataEnum()
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
> PasswordSync::DataEnum().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.11]: ADDriver: [PWD]
> PasswordSync::DataEnum().... checking that RPC Server is listening
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfo()
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfo() Looking for specific Username[(null)]
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800] GetPwdInfo() -
> open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
> DirXML: [01/31/06 16:38:15.12]: ADDriver: [PWD 1800] GetPwdInfo() -
> acquire the mutex.
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
> mutex acquired.
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() - get
> number of registry keys.
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
> dwSubKeys[0] dwPrefMaxEntries[-2] *lpdwResumeHandle[0]
> lpszUserName[(null)].
> DirXML: [01/31/06 16:38:15.13]: ADDriver: [PWD 1800] GetPwdInfo() -
> Query only returned 0.
> DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD 1800] GetPwdInfo() -
> release the mutex.
> DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD 1800] GetPwdInfo() -
> mutex released.
> DirXML: [01/31/06 16:38:15.14]: ADDriver: [PWD]
> PasswordSync::DataEnum() returned 0x00000000
> DirXML: [01/31/06 16:38:15.14]: Loader: Received document from
> publicationShim
> DirXML: [01/31/06 16:38:15.14]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.15]: <nds dtdversion="2.2">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <init-params>
>                         <publisher-state>
>                                
> <cookie>TVNEUwMAAACw3K5ZfCbGAQAAAAAAAAAAKAAAAFXwAQAAAAAAAAAAAAAAAABV8AEAAAAAALkMY6HymVJJm5mqA99KzKIBAAAAAAAAAAEAAAAAAAAAuQxjofKZUkmbmaoD30rMolXwAQAAAAAA</cookie>
>                         </publisher-state>
>                 </init-params>
>         </input>
> </nds>
> DirXML: [01/31/06 16:38:15.15]: Loader: Writing driver state to file
> DirXML: [01/31/06 16:38:15.15]: Loader: Document consists only of
> state; not sending to remote side
> DirXML: [01/31/06 16:38:15.15]: Loader: Returning to publisher:
> DirXML: [01/31/06 16:38:15.15]: Loader: XML Document:
> DirXML: [01/31/06 16:38:15.16]: <nds ndsversion="8.6" dtdversion="1.0">
>         <output>
>                 <status level="success"/>
>         </output>
> </nds>
> DirXML: [01/31/06 16:38:15.16]: ADDriver: object changes complete 
> DirXML: [01/31/06 16:39:14.91]: ADDriver: Publisher Poll
> DirXML: [01/31/06 16:39:14.91]: ADDriver: get object changes - 0x0000
> DirXML: [01/31/06 16:39:14.91]: ADDriver: process object change entry
> DirXML: [01/31/06 16:39:14.91]: ADDriver: Processing change from AD:
> isDeleted: NULL, whenCreated NULL, name NULL
> DirXML: [01/31/06 16:39:14.91]: ADDriver: Publisher MODIFY
> DirXML: [01/31/06 16:39:14.92]: ADDriver: Publisher Modify-
> effectiveClassQuery  dn=CN=test dude,OU=Iisg,DC=microiisg,DC=com
> className=user
> DirXML: [01/31/06 16:39:14.92]: ADDriver: cn
> DirXML: [01/31/06 16:39:14.92]: ADDriver: description
> DirXML: [01/31/06 16:39:14.92]: ADDriver: dirxml-uACAccountDisable
> DirXML: [01/31/06 16:39:14.93]: ADDriver: displayName
> DirXML: [01/31/06 16:39:14.93]: ADDriver: facsimileTelephoneNumber
> DirXML: [01/31/06 16:39:14.93]: ADDriver: givenName
> DirXML: [01/31/06 16:39:14.93]: ADDriver: initials
> DirXML: [01/31/06 16:39:14.93]: ADDriver: l
> DirXML: [01/31/06 16:39:14.94]: ADDriver: logonHours
> DirXML: [01/31/06 16:39:14.94]: ADDriver: mail
> DirXML: [01/31/06 16:39:14.94]: ADDriver: physicalDeliveryOfficeName
> DirXML: [01/31/06 16:39:14.94]: ADDriver: postOfficeBox
> DirXML: [01/31/06 16:39:14.94]: ADDriver: postalCode
> DirXML: [01/31/06 16:39:14.94]: ADDriver: sAMAccountName
> DirXML: [01/31/06 16:39:14.95]: ADDriver: sn
> DirXML: [01/31/06 16:39:14.95]: ADDriver: st
> DirXML: [01/31/06 16:39:14.95]: ADDriver: streetAddress
> DirXML: [01/31/06 16:39:14.95]: ADDriver: telephoneNumber
> DirXML: [01/31/06 16:39:14.95]: ADDriver: title
> DirXML: [01/31/06 16:39:14.96]: Loader: Received document from
> publicationShim
> DirXML: [01/31/06 16:39:14.96]: Loader: XML Document:
> DirXML: [01/31/06 16:39:14.96]: <nds dtdversion="2.2">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <modify class-name="user" event-id="Active
> Directory##109211e1c6b##0"
> src-dn="CN=test dude,OU=Iisg,DC=microiisg,DC=com">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <modify-attr attr-name="mail">
>                                 <remove-all-values/>
>                                 <add-value>
>                                         <value type="string"
> naming="false">t...@microiisg.com</value>
>                                 </add-value>
>                         </modify-attr>
>                 </modify>
>         </input>
> </nds>
> DirXML: [01/31/06 16:39:15.05]: Loader: Received 'publisher query back'
> document
> DirXML: [01/31/06 16:39:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <query class-name="user" event-id="0" scope="entry">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <read-attr attr-name="cn"/>
>                         <read-attr attr-name="description"/>
>                         <read-attr attr-name="sAMAccountName"/>
>                         <read-attr attr-name="facsimileTelephoneNumber"/>
>                         <read-attr attr-name="displayName"/>
>                         <read-attr attr-name="givenName"/>
>                         <read-attr attr-name="initials"/>
>                         <read-attr attr-name="mail"/>
>                         <read-attr attr-name="physicalDeliveryOfficeName"/>
>                         <read-attr attr-name="logonHours"/>
>                         <read-attr attr-name="dirxml-uACAccountDisable"/>
>                         <read-attr attr-name="nspmDistributionPassword"/>
>                         <read-attr attr-name="l"/>
>                         <read-attr attr-name="postalCode"/>
>                         <read-attr attr-name="postOfficeBox"/>
>                         <read-attr attr-name="st"/>
>                         <read-attr attr-name="streetAddress"/>
>                         <read-attr attr-name="sn"/>
>                         <read-attr attr-name="telephoneNumber"/>
>                         <read-attr attr-name="title"/>
>                 </query>
>         </input>
> </nds>
> DirXML: [01/31/06 16:39:15.05]: Loader: DirXML returned:
> DirXML: [01/31/06 16:39:15.05]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.05]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <input>
>                 <query class-name="user" event-id="0" scope="entry">
>                        
> <association>48ae9f611f0a6349a469a90fd3aa0011</association>
>                         <read-attr attr-name="cn"/>
>                         <read-attr attr-name="description"/>
>                         <read-attr attr-name="sAMAccountName"/>
>                         <read-attr attr-name="facsimileTelephoneNumber"/>
>                         <read-attr attr-name="displayName"/>
>                         <read-attr attr-name="givenName"/>
>                         <read-attr attr-name="initials"/>
>                         <read-attr attr-name="mail"/>
>                         <read-attr attr-name="physicalDeliveryOfficeName"/>
>                         <read-attr attr-name="logonHours"/>
>                         <read-attr attr-name="dirxml-uACAccountDisable"/>
>                         <read-attr attr-name="nspmDistributionPassword"/>
>                         <read-attr attr-name="l"/>
>                         <read-attr attr-name="postalCode"/>
>                         <read-attr attr-name="postOfficeBox"/>
>                         <read-attr attr-name="st"/>
>                         <read-attr attr-name="streetAddress"/>
>                         <read-attr attr-name="sn"/>
>                         <read-attr attr-name="telephoneNumber"/>
>                         <read-attr attr-name="title"/>
>                 </query>
>         </input>
> </nds>
> DirXML: [01/31/06 16:39:15.05]: ADDriver: parse command
> 
>   className    user
>   destDN
>   eventId      0
>   association  48ae9f611f0a6349a469a90fd3aa0011
> DirXML: [01/31/06 16:39:15.05]: ADDriver: query
> DirXML: [01/31/06 16:39:15.05]: ADDriver: query constraints
> DirXML: [01/31/06 16:39:15.05]: ADDriver: Connect using ldap_bind:
> user=administrator, domain=microiisg, password=***, method=negotiate,
> server=sbs.microiisg.com, sign=no, seal=no ssl=no
> DirXML: [01/31/06 16:39:15.08]: ADDriver: ldap_bind connection
> succeeded
> DirXML: [01/31/06 16:39:15.08]: ADDriver:    warning: read-attr
> nspmDistributionPasswordnot in schema
> DirXML: [01/31/06 16:39:15.09]: ADDriver: query
>   base DN: CN=test dude,OU=Iisg,DC=microiisg,DC=com,
>   filter: (objectClass=*),
>    return: (attribute values) objectClass, objectGUID, cn, description,
> userAccountControl, displayName, facsimileTelephoneNumber, givenName,
> initials, l, logonHours, mail, physicalDeliveryOfficeName,
> postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
> telephoneNumber, title,
> DirXML: [01/31/06 16:39:15.09]: ADDriver: query
>   base DN: CN=test dude,OU=Iisg,DC=microiisg,DC=com,
>   filter: (objectClass=*),
>    return: (attribute values) objectClass, objectGUID, cn, description,
> userAccountControl, displayName, facsimileTelephoneNumber, givenName,
> initials, l, logonHours, mail, physicalDeliveryOfficeName,
> postOfficeBox, postalCode, sAMAccountName, sn, st, streetAddress,
> telephoneNumber, title,
> DirXML: [01/31/06 16:39:15.09]: ADDriver: ldap get next page (
> 2147483647)
> DirXML: [01/31/06 16:39:15.09]: ADDriver: ldap get next page (
> 2147483647)
> DirXML: [01/31/06 16:39:15.16]: Loader: Received 'publisher reply'
> document
> DirXML: [01/31/06 16:39:15.16]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.16]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211e1c6b##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:39:15.16]: Loader: DirXML returned:
> DirXML: [01/31/06 16:39:15.17]: Loader: XML Document:
> DirXML: [01/31/06 16:39:15.17]: <nds dtdversion="3.0" ndsversion="8.x">
>         <source>
>                 <product version="3.0.0.20051118 ">DirXML</product>
>                 <contact>Novell, Inc.</contact>
>         </source>
>         <output>
>                 <status event-id="Active Directory##109211e1c6b##0"
> level="warning">Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
>                         <module>Active Directory</module>
>                         <object-dn>CN=test
> dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
>                         <component>Publisher</component>
>                 </status>
>         </output>
> </nds>
> DirXML: [01/31/06 16:39:15.17]:
> DirXML Log Event -------------------
>     Driver  = \MICRO\micro\ADeDirDriver\Active Directory
>     Thread  = Publisher Channel
>     Object  = CN=test dude,OU=Iisg,DC=microiisg,DC=com
>     Level   = warning
>     Message = Code(-8016) Operation vetoed by object matching
> policy.<application>DirXML</application>
> <module>Active Directory</module>
> <object-dn>CN=test dude,OU=Iisg,DC=microiisg,DC=com</object-dn>
> <component>Publisher</component>
> DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
> PasswordSync::getUserData()
> DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:39:15.17]: ADDriver: [PWD]
> PasswordSync::getUserData().... checking that RPC Server is listening
> DirXML: [01/31/06 16:39:15.18]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser()
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() Looking for specific Username[tdude]
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - open the cache.  Key = SOFTWARE\Novell\PassSync\Data\MICROIISG.COM
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - acquire the mutex.
> DirXML: [01/31/06 16:39:15.19]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex acquired.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - get number of registry keys.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - dwSubKeys[0] dwPrefMaxEntries[1] *lpdwResumeHandle[0]
> lpszUserName[tdude].
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - release the mutex.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - mutex released.
> DirXML: [01/31/06 16:39:15.20]: ADDriver: [PWD 1800] GetPwdInfoByUser()
> - close the cache.
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
> PassSyncCache::GetPwdInfoByUser() returned 0x00000000
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD]
> PasswordSync::getUserData() returned 0x00000000
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData()
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD 1800]
> PassSyncCache::FreeSyncData() returned.
> DirXML: [01/31/06 16:39:15.21]: ADDriver: [PWD]
> PasswordSync::DataEnum()
> DirXML: [01/31/06 ...
0
Father
2/1/2006 2:13:37 AM
I created a new AD driver by importing a driver configuration from the 
server. But when I create a new user in AD: cn=iisg,dc=microiisg,dc=com 
which should synchronize with eDir: cn=iisg,dc=microiisg,dc=com, i still 
get the same error. The log file is from my win2k3(remote loader) and this 
time it is set to level 3. Please help


DirXML: [02/01/06 10:52:04.55]: ADDriver: process object change entry
DirXML: [02/01/06 10:52:04.55]: ADDriver: Processing change from AD: 
isDeleted: NULL, whenCreated 20060201095130.0Z, name winuser test1
DirXML: [02/01/06 10:52:04.55]: ADDriver: Publisher ADD
DirXML: [02/01/06 10:52:04.55]: ADDriver: Publisher-effectiveClassQuery  
dn=CN=winuser test1,OU=Iisg,DC=microiisg,DC=com  className=user
DirXML: [02/01/06 10:52:04.56]: ADDriver: description
DirXML: [02/01/06 10:52:04.56]: ADDriver: dirxml-uACAccountDisable
	appending addAttr attribute to input document...
DirXML: [02/01/06 10:52:04.56]: ADDriver: displayName
	appending addAttr attribute to input document...
DirXML: [02/01/06 10:52:04.57]: ADDriver: facsimileTelephoneNumber
DirXML: [02/01/06 10:52:04.57]: ADDriver: givenName
	appending addAttr attribute to input document...
DirXML: [02/01/06 10:52:04.57]: ADDriver: initials
DirXML: [02/01/06 10:52:04.57]: ADDriver: l
DirXML: [02/01/06 10:52:04.57]: ADDriver: logonHours
DirXML: [02/01/06 10:52:04.58]: ADDriver: mail
	appending addAttr attribute to input document...
DirXML: [02/01/06 10:52:04.58]: ADDriver: physicalDeliveryOfficeName
DirXML: [02/01/06 10:52:04.58]: ADDriver: postOfficeBox
DirXML: [02/01/06 10:52:04.58]: ADDriver: postalCode
DirXML: [02/01/06 10:52:04.59]: ADDriver: sAMAccountName
	appending addAttr attribute to input document...
DirXML: [02/01/06 10:52:04.59]: ADDriver: sn
	appending addAttr attribute to input document...
DirXML: [02/01/06 10:52:04.59]: ADDriver: st
DirXML: [02/01/06 10:52:04.59]: ADDriver: streetAddress
DirXML: [02/01/06 10:52:04.60]: ADDriver: telephoneNumber
DirXML: [02/01/06 10:52:04.60]: ADDriver: title
DirXML: [02/01/06 10:52:04.60]: Loader: Received document from 
publicationShim
DirXML: [02/01/06 10:52:04.60]: Loader: XML Document:
DirXML: [02/01/06 10:52:04.60]: <nds dtdversion="2.2">
	<source>
		<product version="3.0.0.20051118 ">DirXML</product>
		<contact>Novell, Inc.</contact>
	</source>
	<input>
		<add class-name="user" event-
id="addriver.dll##10925069fd7##0" src-dn="CN=winuser 
test1,OU=Iisg,DC=microiisg,DC=com">
		
	<association>30c78c51ca57df42a53779e2d546ca3c</association>
			<add-attr attr-name="dirxml-uACAccountDisable">
				<value type="state">false</value>
			</add-attr>
			<add-attr attr-name="displayName">
				<value type="string" 
naming="false">winuser test1</value>
			</add-attr>
			<add-attr attr-name="givenName">
				<value type="string" 
naming="false">winuser</value>
			</add-attr>
			<add-attr attr-name="mail">
				<value type="string" 
naming="false">wtest1@microiisg.com</value>
			</add-attr>
			<add-attr attr-name="sAMAccountName">
				<value type="string" 
naming="false">wtest1</value>
			</add-attr>
			<add-attr attr-name="sn">
				<value type="string" 
naming="false">test1</value>
			</add-attr>
		</add>
	</input>
</nds>
DirXML: [02/01/06 10:52:04.62]: Loader: Received 'publisher reply' document
DirXML: [02/01/06 10:52:04.62]: Loader: XML Document:
DirXML: [02/01/06 10:52:04.62]: <nds dtdversion="3.0" ndsversion="8.x">
	<source>
		<product version="3.0.0.20051118 ">DirXML</product>
		<contact>Novell, Inc.</contact>
	</source>
	<output>
		<status event-id="addriver.dll##10925069fd7##0" 
level="warning">Code(-8016) Operation vetoed by object matching 
policy.<application>DirXML</application>
			<module>addriver.dll</module>
			<object-dn>CN=winuser 
test1,OU=Iisg,DC=microiisg,DC=com</object-dn>
			<component>Publisher</component>
		</status>
	</output>
</nds>
DirXML: [02/01/06 10:52:04.62]: Loader: DirXML returned:
DirXML: [02/01/06 10:52:04.63]: Loader: XML Document:
DirXML: [02/01/06 10:52:04.63]: <nds dtdversion="3.0" ndsversion="8.x">
	<source>
		<product version="3.0.0.20051118 ">DirXML</product>
		<contact>Novell, Inc.</contact>
	</source>
	<output>
		<status event-id="addriver.dll##10925069fd7##0" 
level="warning">Code(-8016) Operation vetoed by object matching 
policy.<application>DirXML</application>
			<module>addriver.dll</module>
			<object-dn>CN=winuser 
test1,OU=Iisg,DC=microiisg,DC=com</object-dn>
			<component>Publisher</component>
		</status>
	</output>
</nds>
DirXML: [02/01/06 10:52:04.63]: 
DirXML Log Event -------------------
    Driver  = \MICRO\micro\ADeDirDriver\addriver.dll
    Thread  = Publisher Channel
    Object  = CN=winuser test1,OU=Iisg,DC=microiisg,DC=com
    Level   = warning
    Message = Code(-8016) Operation vetoed by object matching 
policy.<application>DirXML</application>
<module>addriver.dll</module>
<object-dn>CN=winuser test1,OU=Iisg,DC=microiisg,DC=com</object-dn>
<component>Publisher</component>
DirXML: [02/01/06 10:52:04.64]: Loader: Received document from 
publicationShim
DirXML: [02/01/06 10:52:04.64]: Loader: XML Document:
DirXML: [02/01/06 10:52:04.64]: <nds dtdversion="2.2">
	<source>
		<product version="3.0.0.20051118 ">DirXML</product>
		<contact>Novell, Inc.</contact>
	</source>
	<input>
		<init-params>
			<publisher-state>
			
	<cookie>TVNEUwMAAAAw1wAoFSfGAQAAAAAAAAAAKAAAAKLwAQAAAAAAAAAAAAAAA
ACi8AEAAAAAALkMY6HymVJJm5mqA99KzKIBAAAAAAAAAAEAAAAAAAAAuQxjofKZUkmbmaoD30rM
oqLwAQAAAAAA</cookie>
			</publisher-state>
		</init-params>
	</input>
</nds>
DirXML: [02/01/06 10:52:04.65]: Loader: Writing driver state to file
DirXML: [02/01/06 10:52:04.65]: Loader: Document consists only of state; 
not sending to remote side
DirXML: [02/01/06 10:52:04.65]: Loader: Returning to publisher:
DirXML: [02/01/06 10:52:04.65]: Loader: XML Document:
DirXML: [02/01/06 10:52:04.65]: <nds ndsversion="8.6" dtdversion="1.0">
	<output>
		<status level="success"/>
	</output>
</nds>
DirXML: [02/01/06 10:52:04.66]: ADDriver: object changes complete
DirXML: [02/01/06 10:53:04.56]: ADDriver: get object changes - 0x0000
DirXML: [02/01/06 10:53:04.56]: ADDriver: object changes complete
0
wnbahadoer
2/1/2006 10:27:39 AM
Could you post

1) the XML of you Publisher Matching Policy(ies)

2) and in a separate Post, a Level DSTrace from the IDM Server (and not 
from the Remote Loader)

Rgds   
0
Martyn
2/1/2006 12:42:16 PM
> 1) the XML of you Publisher Matching Policy(ies)

<?xml version="1.0" encoding="UTF-8"?><policy>
	<description>Find a matching unassociated object in the Identity
Vault.</description>
	<rule>
		<description>remember relative position in hierarchy</description>
		<comment xml:space="preserve">The default policy assumes that you want to
synchronize a subset of Active Directory with the Identity Vault. this rule
marks events in the given containers for processing by adding the
unmached-src-dn operational property. You can add subtrees in Active
Directory t for inclusion by adding if-src-dn conditionals here. If you are
using mirrored placement, the unmatched-src-dn is used later in the
placement rule. If you do not use container based scoping, this rule may be
modified or removed. If you change this rule, the placement rules must also
be changed to reflect your policy.</comment>
		<conditions>
			<or>
				<if-src-dn op="in-subtree" xml:space="preserve">micro\Iisg</if-src-dn>
			</or>
		</conditions>
		<actions>
			<do-set-op-property name="unmatched-src-dn">
				<arg-string>
					<token-unmatched-src-dn convert="true"/>
				</arg-string>
			</do-set-op-property>
		</actions>
	</rule>
	<rule>
		<description>veto out-of-scope events</description>
		<comment>When scoping by container, events outside of the Active
Directory containers defined in the above rule will not have a
unmatched-src-dn operational property and will be vetoed. If you do not
want to use container based scoping, this rule should be modified or
removed.</comment>
		<conditions>
			<and>
				<if-op-property name="unmatched-src-dn" op="not-available"/>
			</and>
		</conditions>
		<actions>
			<do-veto/>
		</actions>
	</rule>
	<rule>
		<description>match users based on NT logon name</description>
		<comment xml:space="preserve">Logon name policy: match object name from
the Identity Vault to the NT logon name in Active Directory. Objects are
matched anywhere in the destination hierarchy, not just the relative
position in the hierarchy. This match is not performed if a matching object
was found in a previous rule.</comment>
		<conditions>
			<and>
				<if-class-name mode="case" op="equal">User</if-class-name>
				<if-global-variable mode="case" name="LogonNameMap"
op="equal">true</if-global-variable>
			</and>
		</conditions>
		<actions>
			<do-find-matching-object scope="subtree">
				<arg-dn>
					<token-text xml:space="preserve">micro\Iisg</token-text>
				</arg-dn>
				<arg-match-attr name="CN">
					<arg-value type="string">
						<token-attr name="DirXML-ADAliasName"/>
					</arg-value>
				</arg-match-attr>
			</do-find-matching-object>
		</actions>
	</rule>
	<rule>
		<description>match users based on full name</description>
		<comment xml:space="preserve">Full name policy: </comment>
		<conditions>
			<and>
				<if-class-name mode="case" op="equal">User</if-class-name>
				<if-global-variable mode="case" name="FullNameMap"
op="equal">true</if-global-variable>
			</and>
		</conditions>
		<actions>
			<do-find-matching-object scope="subordinates">
				<arg-dn>
					<token-text xml:space="preserve">micro\Iisg</token-text>
					<token-text xml:space="preserve">\</token-text>
					<token-parse-dn dest-dn-format="dest-dn" length="-2">
						<token-op-property name="unmatched-src-dn"/>
					</token-parse-dn>
				</arg-dn>
				<arg-match-attr name="Full Name">
					<arg-value type="string">
						<token-src-name/>
					</arg-value>
				</arg-match-attr>
			</do-find-matching-object>
		</actions>
	</rule>
	<rule>
		<description>match everything else</description>
		<comment xml:space="preserve">Match objects in Active Directory based on
the object name and relative position in the hierarchy. This match is not
performed if a matching object was found in a previous rule.</comment>
		<conditions>
			<and>
				<if-class-name mode="case" op="not-equal">User</if-class-name>
			</and>
		</conditions>
		<actions>
			<do-find-matching-object scope="entry">
				<arg-dn>
					<token-text xml:space="preserve">micro\Iisg</token-text>
					<token-text xml:space="preserve">\</token-text>
					<token-unmatched-src-dn convert="true"/>
				</arg-dn>
			</do-find-matching-object>
		</actions>
	</rule>
</policy>
0
wnbahadoer
2/1/2006 1:04:19 PM
1) Firstly, let me apologise to "Father Ramon" and "ab" for cutting across 
their assistance.  Because the manager.engine-drivers forum doesn't yet 
appear in my Google Groups, I have to use my Newsgroup Reader to scan the 
forum and the reader led me to believe that your posting of 10:27 this 
morning was a first in thread.




2) Your Matching Rule states


<if-src-dn op="in-subtree" xml:space="preserve">micro\Iisg</if-src-dn>


Based on your XDS document, I would imagine that it should be


<if-src-dn op="in-subtree">OU=Iisg,DC=microiisg,DC=com</if-src-dn>




3) In your posting you state that you want the AD user class object 
instance to become associated with an eDirectory User class object instance 
of "cn=iisg,dc=microiisg,dc=com".   But that resembles an Active Directory 
distinguished name, not an eDirectory distinguished name.  What is the DN 
of the eDirectory User class object instance with which you wish to 
associate?




Rgds - M
0
Martyn
2/1/2006 1:49:06 PM
I'm no novell guru, so sorry for the late reply. I was searching the
internet how to do a Directory Service Trace, but with no succes. If I do a
set dstrace = on , in the console and a set ttf=on , I don't get anything.

You're right with the OU=.... It works in one direction meaning AD created
users are created in eDir (it's starting to work, thank to you). So let me
tell you in AD I have an OU right under the tree Ou=iisg,
dc=microiisg,dc=com and in eDir i have exactly the same
OU=iisg,dc=microiisg,dc=com.So i guess the most basic OU you can create in
a domain. 
0
wnbahadoer
2/1/2006 2:14:12 PM
My favourite means of using Trace is via HTML.

If the server where the DirXML engine is running is a Netware Box, then in 
browser do: 

http://netwareserver:8008/_LOGIN_SERVER_
or
https://netwareserver:8009/_LOGIN_SERVER_


If the server is Windows, then do 

https://windowsserver:8010/_LOGIN_SERVER



Then from the Menu select Trace.  When In Trace Configurationm, clear all 
the check boxes and check the box for DirXML Drivers.  Set Trace On and 
then look at the Live Trace


Rgds - M 
0
Martyn
2/1/2006 2:40:02 PM
See http://support.novell.com/cgi-bin/search/searchtid.cgi?/10065332.htm
--

Father Ramon


wnbahadoer@wanadoo.nl wrote:
> I'm no novell guru, so sorry for the late reply. I was searching the
> internet how to do a Directory Service Trace, but with no succes. If I do a
> set dstrace = on , in the console and a set ttf=on , I don't get anything.
> 
> You're right with the OU=.... It works in one direction meaning AD created
> users are created in eDir (it's starting to work, thank to you). So let me
> tell you in AD I have an OU right under the tree Ou=iisg,
> dc=microiisg,dc=com and in eDir i have exactly the same
> OU=iisg,dc=microiisg,dc=com.So i guess the most basic OU you can create in
> a domain. 
0
Father
2/1/2006 2:44:39 PM
Ok I got the trace going (dude, novell rocks better than windows :-). But
what next, since no user is created when I create it in eDir(reverse
direction works) I suggest I create one and put the DSTrace here. But first
look at what I got after restart the remote loader on win2k3. 

 Message: Remote driver successfully started.
addriver.dll PT:
DirXML Log Event -------------------
Driver: \MICRO\micro\ADeDirDriver\addriver.dll
Channel: Publisher
Status: Success
DrvADeDir ST:
DirXML Log Event -------------------
Driver: \MICRO\micro\ADeDirDriver\DrvADeDir
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status indicating that
the operation should be retried later. Detail from driver: No connection to
remote loader
DrvADeDir ST:
DirXML Log Event -------------------
Driver: \MICRO\micro\ADeDirDriver\DrvADeDir
Channel: Subscriber
Status: Retry 

This the eDir created user DSTrace: 

Unable to get nspm password(2) failed, no such entry (-601), subject Active
Directory.ADeDirDriver.micro, tree MICRO, object novuser1.Iisg.micro
Active Directory ST:
DirXML Log Event -------------------
Driver: \MICRO\micro\ADeDirDriver\Active Directory
Channel: Subscriber
Status: Error
Message: Code(-9065) Unable to determine value of attribute
nspmDistributionPassword for object \T=MICRO\O=micro\OU=Iisg\CN=novuser1.
Code(-9092) Unable to log message: {0}
Code(-9091) Unable to read DirXML-Log attribute from
\MICRO\micro\ADeDirDriver\Active Directory\Subscriber: {1}
Code(-9092) Unable to log message: {0}
addriver.dll ST:
DirXML Log Event -------------------
Driver: \MICRO\micro\ADeDirDriver\addriver.dll
Channel: Subscriber
Object: \MICRO\micro\Iisg\novuser1
Status: Warning
Message: Code(-8016) Operation vetoed by object matching policy.
DrvADeDir ST:
DirXML Log Event -------------------
Driver: \MICRO\micro\ADeDirDriver\DrvADeDir
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status indicating that
the operation should be retried later. Detail from driver: No connection to
remote loader
0
wnbahadoer
2/1/2006 3:24:13 PM
Reply:

Similar Artilces:

Creating eDir user not creating in AD
Creating new eDir users in root of the tree works fine creating new users in AD. However, when we try to create new eDir users in sub-container of tree, we get the following errors and users are not created in AD: 03/09/2006 17:14:22.60] Drvrs : Active Directory ST: DirXML Log Event ------------------- Driver: \THE_JEWISH_MUSEUM\MUSEUM\ADNDSXML\Active Directory Channel: Subscriber Object: \THE_JEWISH_MUSEUM\MUSEUM\JM_MIS_Department\RLax Status: Error Message: Code(-9010) An exception occurred: novell.jclient. JCException: modifyEntry -608 ER...

JDBC to eDir to AD (but in AD duplicated user created) issue
My client maintains user information through oracle database with JDBC driver, to e-directory (as identity vault), and then update AD. Administrator add a user in oracle and then update to e-directory is OK, but when update to AD, 2 users are created and one is rename as *username+/cnf:bed+GUID*, we need to know why it happen. This error does not happen but just recently. I have no idea how to find the cause. Please help. I would like to know what would be the possible cause or which direction to check? David keiwai -- keiwai ------------------------------------...

auto-Create Homedir on NW/edir, when user created in AD
Is there a simple way to auto-Create Homedirs on a Netware server for eDir users objects, when the user object creation initiates in AD ? I feel either that I have missed something simple - or that I'm looking at major XML coding - any help apprecieated :-) Running IDM 351 connecting eDir with AD in a bidir driver, but policy dictates creation of users from the AD side. -- bkelsen ------------------------------------------------------------------------ Hi bkelsen normally you can use the "old" template object within eDirectory and then in a policy u...

AD Driver not creating users
I am attempting to set up IDM to sync between eDir and AD. Groups are synchronizing correctly, but users are not. I have attached a copy of a trace 3 report that I believe references its attempts to create myself. I have tried migrating a single user (myself) that has a universal password enabled as well. Any suggestions are greatly appreciated. Thank you, Scott Forbus Network Administrator Greenfield Hebrew Academy +----------------------------------------------------------------------+ |Filename: sample trace IDM GHA.txt | |Download: http:...

Edir to AD users manager attrib
Does anyone have a way to sync the manager attribute in eDir to AD? I have the attribute syncing from my HR system on 2000+ accounts. I need to get it into our MSAD domain. The problem I keep running into is that the manager is not in the same OU so stripping off all but the cn and hard coding the OU from ad will not work. Any help would be appreciated. -- dyoungb ------------------------------------------------------------------------ On 12/6/2010 7:06 PM, dyoungb wrote: > > Does anyone have a way to sync the manager attribute in eDir to AD? I > have the a...

Adding aux class to users in AD with AD driver
Is there a trick to add an auxiliary class to user ID's in Active Directory when creating the AD user ID? I can add the aux class during modifies fine, but during creates I get "LDAP_OBJECT_CLASS_VIOLATION" I can create an AD user ID and add the aux class fine with and LDIF, but having problems doing this with the AD driver. IDM 3.6.1 Windows 2008 R2 I have this rule in my Sub create policy: <rule> <description>Users:DefaultAttributes</description> <conditions> <and> <if-class-name op="equal">User</if-...

Retrieving the new user ID after details have been created with Create New User Wizard
I've got a 'create new user' wizard set up with several additional wizard pages containing extra information. This information will be stored into the database when the CreatedUser event fires. However, I need to obtain the user ID of the newly created user. How can this be achieved? Assuming the user id is an Identity field that is generated in SQL, I would return the user id as an output parameter in your stored procedure and reference that parameter in your ASP.NET code.   I believe the code to get the identity value of a newly added record is: SELECT @myoutputp...

eDir-AD Driver: User Creation Policies
Hi, I am trying to create a policy that says if the workforceID starts with a "V" for a user in eDirectory, then create the same user in Active Directory. Currently we are provisioning all users in eDirectory to AD. But going forward, we would like to limit that. Here is the server information with the versions: Server Information EDIR-1-NDS: NAME EDIR-1-NDS IDENTITY VAULT VERSION 8.8 SERVER CONTEXT SERVERS.ADMIN SERVER ENGINE ID 2.0.2 SERVER ENGINE BUILD 61647 SERVER EDIR VERSION eDirectory for NT v8.7[DS] SERVER EDIR BUILD 1055260 I looked at the Actions list to...

AD driver placement of existing eDir users
SLES-10-OES2-SP2-x86_64 DirXML version is 3.6.10.36503 eDirectory for Linux v8.8 SP5 [DS] Remote Loader on Windows 2003 Domain Controller We have successfully tested the pre-configured MAD driver to synchronize "newly" created user accounts and passwords from eDir to AD. To date, these new user accounts have been created in a test OU in eDir and the Active Directory User Container in AD has been explicitly specified as a particular OU in AD. Now we would like to expand this so that "existing" eDir user accounts, spread across dozens of eDir OUs, will be auto...

Fan-Out Driver create user ids not from naming attribute
In our design, we would like to use fanout driver to sync user passwords to 10 linux target. However, the userids are not the naming attribute(not cn but lnxid in our case) What I understood from fan-out driver documentation is that I need to use cn or an alternate naming attribute as the loginid. Our user object has another attribute which has value of the userid of the platform . Is there any way to create users at the platform by using the value of that attribute? Lets say my user's dn is cn=test, ou=Users, o=tree and attribute lnxid has value of M3000. I would like to cr...

Catn not create user from eDir in the Ad (first steps..)
Install IDM3.5.1 on the OES2 Install RemoteLoader on the W2003(withAD) Create My First driver. Run Create in the eDir user. In the RemoteLoader log-file - no Error In the Subscriber Status Log i see this errors: .... Message 3: Wed Mar 12 14:25:57 EET 2008 Warning <status level="warning">Code(-8017) Operation vetoed by object creation policy.<application>DirXML</application> <module>Active DirectoryTEST</module> <object-dn>\AMI\ami\dntsk\aaa\b</object-dn> <component>Subscriber</component> </status> \AMI\...

Creating list for User added, on a JDBC Oracle Driver
Hi. I have a JDBC driver connecting to an Oracle Database. The Oracle Database is feeding my IDM Vault with users. I want to create a list that�s contains all User Add for one day ad a time. The list is used in a spreadsheet and word processor. Any good idea�s / solution on what to do? Running IDM 3.5.1 Windows Server 2003 R2 Regards Michael Michael, I would have thought the easiest way to do this would be to create a List class object for each day and add each newly created object's DN to that day's List object as a value in its Member attribute. Then you ...

Adding AD user to group on Create
I have a simple create rule that I was using so that when adding a user they would get added to a Security Group in AD. I kept getting "unwilling to perform" After troubleshooting for several hours, I decided to just try to add it with an LDIF to verify it can be done. I still get "unwilling to perform" using this simple LDIF dn: CN=hector, ou=staff, dc=testad3,dc=usg,dc=edu changetype: modify add: memberof memberof: cn=axgroup,ou=groups,ou=staff,dc=testad3,dc=usg,dc=edu Perhaps I do not fully understand AD groups as opposed to Novell groups? The abov...

Matching existing ADS users using entitlement driver (from eDir)
I'm having trouble matching existing ADS accounts. Even when I create an eDir user whitch sync's perfectly to ADS (just to make sure the values match ;-)) and then remove the association I get an error when I change a value to initatie an synchronisation between the eDir and ADS user to get them associated. Error: Message = <ldap-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS> <client-err ldap-rc="68" ldap-rc-name="LDAP_ALREADY_EXISTS>Already Exists</client-err> <server-err>00000524: UpdErr: DIS-031A0F4F, problem...

Web resources about - Users not created in AD or eDir - novell.id-manager.drivers

Runs created - Wikipedia, the free encyclopedia
With regard to an offensive player, the first key question is how many runs have resulted from what he has done with the bat and on the basepaths. ...

Lexus Promotes 2014 Lexus IS With #LexusInstafilm, Created With Photos By Instagram Users
... in Angel Stadium in Anaheim, Calif., to promote the 2014 Lexus IS in a unique way by creating what it called “the first collaboratively created ...

I am Colin's mom, I created this page... - Happy Birthday Colin - Facebook
I am Colin's mom, I created this page for my amazing, wonderful, challenging son who is about to turn 11 on March 9th. Because of Colin's disabilities,... ...

Facebook allows targeting on page-created events
... to have a ladies’ night event, they could properly target so only women could see the event page. This capability is only for events created ...

PDF (file format) : How was the PDF format created?
Answer (1 of 6): I was there for the whole thing. It was the 90's and Adobe was doing well. In addition to the Systems department which handled ...

DrawTo - Send and receive drawings seeing as they are created on the App Store
Read reviews, compare customer ratings, see screenshots, and learn more about DrawTo - Send and receive drawings seeing as they are created. ...

The iconic statue of a knotted gun barrel outside U.N. headquarters was created by Swedish artist Fredrik ...
Rights Groups Warn Against Diluted Arms Trade Treaty By Tressia Boukhors UNITED NATIONS, Feb 18, 2012 (IPS) - After a week of tense negotiations, ...

Bad News Barrett Interview: Cody Rhodes created my gimmick, will BNB win the WWE title? more - YouTube ...
twitter.com/ChrisVanVliet 3-time Emmy winning Entertainment Reporter Chris Van Vliet from CBS-19 chats with Bad News Barrett in Cleveland. He ...

IMF warns GCC countries of $175 billion hole created by falling oil prices
The IMF believes that lower oil prices could knock nearly 1 percentage point off economic growth rates in GCC countries.

This is probably the world’s largest billboard created with MS Paint
The billboard, advertising Construct 2 game creation platform, was made with MS Paint. The billboard is by South Bermondsey station in south-east ...

Resources last updated: 1/3/2016 3:02:02 AM