Powerful Directory Management Tool

[1911drb]

Hi,
I'm fairly new to LDAP. I have downloaded OpenLdap and
created a ldif file that works fine. My problem is that I cannot
load the ldif file when using Active Directory because the
"groupOfNames" object. I would like to design the schema to
work with both, but I'm starting to wonder if it is possible?

Below is the segment that works with OpenLDAP. With Active Directory
I get the error:
Failed to add new entry cn=TrendFailureAccess, ....
LDAP: error code 16 - 0000005: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece )


# Quality Perissions for TPW Application
dn: cn=Trend FailureAccess,ou=functionality,ou=TPW,dc=webspun,dc=net
objectclass: top
objectclass: groupOfNames
cn: Trend Failure Access
member: uid=dbritton
member: uid=jbertoia
member: uid=webspun

Can anyone comment on using the "groupOfNames" object with AD? Is it possible? Is the syntax of the ldif file different?

Thanks in advance for any help
David

[Alex]

I don't think I've ever seen that attribute.
What happens if you just use "group"?

Does Active Directory even use groupOfNames?

[Support]

I guess the problem is that you use RDN instead of DNs.
e.g. uid=dbritton instead of something like uid=dbritton,ou=users,dc=webspun,dc=net

Active Directory unlike some other servers always check referential integrity for the member attribute.

[enewman]

Active Directory does not use groupOfNames unless you have loaded the SFU schema. The other issue is that AD uses DN format for membership whereas groupofNames uses account uid (i.e. short login name).

One of the challenges of UNIX integration with LDAP and AD is this difference - shortname vs distinguished name.