I am evaluating ADAM using the Sept '05 Step-by-step Guide to Deploying
ADAM. My goal is to show that I can create user proxy objects for
users (mine) that are in AD but enrich them with new attributes and
group membership in ADAM.
I've set up an ADAM instance on my local machine, which is part of an
Active Directory Domain.
I do not have an SSL cert, so I followed the instructions to disable
the SSL requirement for bind redirection.
I am stuck on the step (page 63) _Creating and Binding with an ADAM
Proxy Object_, in which I'm supposed to use ldp.exe to add a child for
my new userProxy.
I get this error message:
***Calling Add...
ldap_add_s(ld, "cn=testproxy,o=microsoft,c=us", [2] attrs)
Error: Add: Unwilling To Perform. <53>
Server error: 000020E7: SvcErr: DSID-03152AA9, problem 5003
(WILL_NOT_PERFORM), data 87
Error 0x20E7 The modification was not permitted for security reasons.
net helpmsg 87 says "The parameter is incorrect"
The parameters I'm using are ObjectClass=userProxy and
objectSID=<MyDomain>\<MyLANID>
I got an ldif dump of my user object from AD and noticed that the case
for objectSID is shown there as objectSid. Not sure if that matters --
I tried both ways with same result. At any rate, I copied the encoded
binary version from that to ldp.exe and now the error message is:
***Calling Add...
ldap_add_s(ld, "cn=testproxy,o=microsoft,c=us", [2] attrs)
Error: Add: Constraint Violation. <19>
Server error: 00002082: AtrErr: DSID-03151346, #1:
0: 00002082: DSID-03151346, problem 1005 (CONSTRAINT_ATT_TYPE), data
0, Att 90092 (objectSid):len 52
Error 0x2082 A value for the attribute was not in the acceptable range
of values.
What am I missing?
Bookmarks