Updating custom boolean attribute in Active Directory via OIM

The adapters delivered with the AD connector support updating standard attributes (string) and multi-value attributes, but I can't seem to figure out how to update a custom Boolean attribute in AD via OIM. The delivered Boolean fields all appear to have custom adapters (i.e., Account Locked, Password Never Expires, etc.).
I've tried using the delivered adpADCSCHANGEATTRIBUTE adapter, but it fails (as expected) with:
com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : updateDetails : Attributes cannot update:[LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B73, comment: Error in attribute conversion operation, data 0, v1772 ]
Suggestions?

No I don't have custom boolean attributes in AD. But I added custom attributes of other types.
When you say custom, do you mean it did not come with the out of the box AD connector, but exists in the Active Directory of your organization?
There are a few attributes in AD which look like they are boolean when you see the AD console but are actually different. Look at the link for details.
[http://support.microsoft.com/kb/305144]
Look at this post for context.
AD Provisioning - Password never expires & User must chg pwd at next logon
Thanks,
M
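
The reply's point, that several on/off settings in the AD console are not Boolean attributes, is shown in the added example below (not code from this thread or from the OIM connector). It maps each setting to the LDAP modification that changes it; LDAP result code 21, seen in the error above, is invalidAttributeSyntax. The names `plan_change`, `encode_boolean` and the attribute `myCustomFlag` are hypothetical.

```python
# userAccountControl bits, as listed in Microsoft KB 305144.
UF_ACCOUNTDISABLE = 0x0002
UF_DONT_EXPIRE_PASSWD = 0x10000

# Console checkboxes that are bits inside userAccountControl, not attributes.
UAC_BITS = {
    "account_disabled": UF_ACCOUNTDISABLE,
    "password_never_expires": UF_DONT_EXPIRE_PASSWD,
}


def encode_boolean(value):
    """Encode a Python bool for an attribute with AD's Boolean syntax.

    Over LDAP the value is the literal string TRUE or FALSE.
    """
    if not isinstance(value, bool):
        raise TypeError("expected bool, got %r" % (value,))
    return "TRUE" if value else "FALSE"


def plan_change(setting, enabled, current_uac=None):
    """Return the LDAP modification for one on/off setting as
    (operation, attribute, [values]).

    setting is a UAC_BITS key, "must_change_password", "account_locked",
    or the LDAP name of an attribute that really has Boolean syntax.
    """
    encoded = encode_boolean(enabled)  # also rejects non-bool input early
    if setting in UAC_BITS:
        if current_uac is None:
            raise ValueError("read userAccountControl first; the bit is "
                             "merged into the value already stored")
        bit = UAC_BITS[setting]
        new_uac = current_uac | bit if enabled else current_uac & ~bit
        return ("replace", "userAccountControl", [str(new_uac)])
    if setting == "must_change_password":
        # pwdLastSet = 0 forces a change at next logon; -1 clears the flag.
        return ("replace", "pwdLastSet", ["0" if enabled else "-1"])
    if setting == "account_locked":
        if enabled:
            raise ValueError("lockout is set by the domain controller; "
                             "a client can only clear it")
        return ("replace", "lockoutTime", ["0"])
    # Anything else is treated as a real Boolean-syntax attribute.
    return ("replace", setting, [encoded])


if __name__ == "__main__":
    # Constructed sample: a normal account (userAccountControl = 512).
    print(plan_change("password_never_expires", True, current_uac=512))
    print(plan_change("must_change_password", True))
    print(plan_change("myCustomFlag", True))  # hypothetical custom attribute
```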

Similar Messages

  • Adding Custom Attributes in Active Directory

    Hi,
    I have a requirement to get a few user properties from Active Directory into the user profile; for example, I need the following properties:
    user image
    user birthday
    user employee number
    These properties are not available in Active Directory, so how can I add them to Active Directory? Secondly, how can I insert an image of the user into the Active Directory property for the image?

    There are two ways here.
    First:
    You can ask your AD administrator to create an attribute for you so that you can use it.
    Second:
    You can use the thumbnailPhoto attribute for Images
    You can use Employee ID for employee number
    You can use roomnumber for Birthday. The Birthday attribute is not present in AD, so we would have to use some other attribute which matches. So, I would personally request you to create a new attribute inside AD for the same. For this please follow this URL.
    Thank You, Pallav S. Srivastav ----- If this helped you resolve your issue, please mark it Answered.

  • Db10g external password authentication with Active Directory via OID

    HI ALL
    - i have the synchronization AD-to-OID
    - i have the external authorization of AD users via SSO (external authorization plug-in)
    - i have the DB10g enterprise authorization of OID native users who have their password in OID (global schema)
    - but I can't configure the DB10g authorization of AD-to-OID synchronized users who don't have their password in OID
    error:
    ORA-28274: No ORACLE password attribute corresponding to user nickname exists.
    i.e. those users are not recognized as users with external passwords.
    Any ideas, please ...

    Funny thing - LDAP (OID and Active Directory) defines a generic hierarchical database. Like any other generic database, you need to define the schema to define what data is to be captured.
    Each LDAP application expects a certain schema. That includes Enterprise User Security (part of the Advanced Security Option).
    To accomplish what you want to do
    1) get familiar with the Enterprise User Security capability (see the EUS documentation at tahiti)
    2) learn to configure SQLNet / Oracle Networking to use LDAP ('cause it's Oracle Networking that is responsible for the login)
    3) Reverse the schema from OID and transport it to AD
    Aside from that, it's a no-brainer.

  • Db10g external password authentication from Active Directory via OID

    HI ALL
    - i have a synchronization AD-to-OID (OAS 10.1.2 (Infra)cold failover cluster, 2 nodes)
    - i have external authorization of AD users via SSO (external authorization plug-in)
    - i have RAC DB(10.1.0.3, 2 nodes) enterprise authorization of OID native users who have their passwords in OID (global schema)
    - but I can't configure DB authorization of AD-to-OID synchronized users who don't have their passwords in OID
    error:
    ORA-28274: No ORACLE password attribute corresponding to user nickname exists.
    i.e. those users are not recognized as users with external passwords.
    Any ideas, please ...

    I've gone through that thread a few times already, but it only covers infrastructure based on Sun JDS, which seems to pose less problems than Active Directory. Many others refer only to hand-compiled OpenLDAP installations which are quite different to configure... sigh
    I have, however, managed to get the base system running - meaning I can see Solaris ask LDAP for locally unknown user and group names - but all I get back is Unknown Object.
    Here's a snoop dump of one of the failed requests, in hope someone here can shed some light on the problem:
    request from my server to the LDAP box:
    LDAP: [Base Object]
    LDAP: ou=people,OU=Austria,DC=AT,DC=OurADdomain,DC=com
    LDAP: [Scope]
    LDAP: wholeSubtree
    LDAP: Equality Match *[3]
    LDAP: [Attr Descr]
    LDAP: objectClass
    LDAP: [Value]
    LDAP: posixAccount
    LDAP: *[3]
    LDAP: [OctetString]
    LDAP: uid
    LDAP: [OctetString]
    LDAP: myusername
    reply from the LDAP server:
    LDAP: [Error Message]
    LDAP: 0000208D: NameErr: DSID-031001CD
    LDAP: , problem 2001 (NO_OBJECT), data
    a) our Active Directory 2003 R2 with the default Unix schema does not seem to implement the objectClass=posixAccount attribute, although the documentation on MSDN suggests that attribute should be there. I'm atm about to get some MS guy to solve this..
    b) The base object DN seems to always get prefixed with ou=people - why? I didn't enter that field with ldapclient, and that orgunit does not exist in AD per default. How can I prevent Solaris from modifying my search path in that way? I think this is one of the reasons why I keep getting no-object-errors.
    c) Our AD doesn't seem to offer a way to create/modify the unix object classes shadowExpire, shadowFlag and others for password management. Are those strictly necessary - i.e. will I run into new problems with those if I managed to solve a) and b)?

  • Why do I get general access denied trying to update my own field in Active Directory?

    I am trying to update a field pertaining to my own user object in Active Directory using ADSI and C++ app. The operating system
    is Windows Server 2012 Standard.
    I am able to read, I am able to call Put without problems, but when I call SetInfo, it returns with "General access denied". I have
    confirmed that it's my own user object I'm trying to access.
    I obtain my own FQDN like this:
    GetUserNameEx(EXTENDED_NAME_FORMAT::NameFullyQualifiedDN, pszFullyQualifiedDN, &dwFullyQualifiedDN);
    Then I use it like this:
    LPTSTR pszObj = (LPTSTR)LocalAlloc(LPTR, dwMemToAlloc);
    wcscpy_s(pszObj, dwMemToAlloc / sizeof(TCHAR), L"LDAP://");
    wcscat_s(pszObj, dwMemToAlloc / sizeof(TCHAR), pszFullyQualifiedDN);
    I bind to an object like this:
    ADsGetObject(pszObj, IID_IADs, (LPVOID*)&pObject);
    This call succeeds:
    pObject->Get(CComBSTR("Description"), &var);
    This call also succeeds:
    VariantClear(&var);
    V_BSTR(&var) = SysAllocString(L"Some new value");
    V_VT(&var) = VT_BSTR;
    hr = pObject->Put(CComBSTR("Description"), var);
    Trying to commit the above change using the following:
    pObject->SetInfo();
    This is where it fails.
    It returns E_ACCESSDENIED General access denied error.
    As you can see, that is my own user object I am trying to update. To my understanding that is supposed to work provided I am a member of Domain
    Users group. Which I am.
    What could possibly be the problem?

    The problem is that in Windows Server 2012 Domain Controller, permission to write to public (and personal,
    for that matter) properties is not granted to "SELF". The field I am trying to write to belongs to public properties. The only property set a user is able to change for himself in Windows Server 2012, by default, seems to be "Private-Information",
    which consists of ms-PKI-Credential-Roaming-Tokens,ms-PKI-RoamingTimeStamp, ms-PKI-DPAPIMasterKeys, ms-PKI-AccountCredentials
    Why on earth a user doesn't have permission to write to his own personal fields in Windows Server 2012 AD, Microsoft??!?!?!

  • How to get the value for attribute for terminal services attribute in Active Directory from userParameters attribute

    I am using dirsync to get  the attributes value that have changed in Active Directory(changelog).
    The following link explains how the dirsync is used to get attribute values :
    'http://blogs.technet.com/b/isrpfeplat/archive/2010/09/20/using-the-dirsync-control.aspx'
    I am changing the attribute Local path under Remote Desktop Services Profile of a user. I have run a client which uses dirsync to get the changed objects in AD.
    In the client the attribute that is changed is `userParameters` and the value is in encrypted form. 
        CtxCfgPresent                                   P☺CtxCfgPresent???? ☻☺CtxWFProfi
        lePath?↑→☺CtxWFHomeDir?????????????"☻☺CtxWFHomeDirDrive?☺CtxShadow????☺CtxMaxDis
        connectionTime????☺CtxMaxConnectionTime????☺CtxMaxIdleTime???? ☻☺CtxWorkDirector
        y?☺CtxCfgFlags1????"☻☺CtxInitialProgram?
    Is there a way to get the actual value from userParameters?

    Hi,
    What about other changed attributes? Are other attributes retrieved by DirSync control turn to be encrypted form?
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • How to handle SQL connection if password Active directory always change? (Connection using Active directory via network SQL 2012 )

    I have 3 server (Web server, database sql 2012 server and Active directory). I'm using sqlsvr version 3.0,  PHP version 5.3 ,IIS version 7 and windows server 2008.
    Right now my php connection to SQL 2012 using AD id, so How to handle if password on active directory change?

    Solved: Using Kerberos

  • Ldap Sync: User is not able to create in Active Directory through OIM

    Hi ,
    I have enabled the ldap sync between OIM and Active Directory.
    Option 1: with password
    While creating the new user in OIM , I am getting the below error .
    80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Could not modify entry.[[
    javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
    remaining name 'cn=ADTESTLDAp10F ADTESTLDAp10LL,cn=Users,dc=cgtest,dc=adtest,dc=com'
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
      at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1458)
      at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
      at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
      at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
      at oracle.ods.virtualization.engine.backend.jndi.ConnectionHandle.modify(ConnectionHandle.java:301)
      at oracle.ods.virtualization.engine.backend.jndi.BackendJNDI.modify(BackendJNDI.java:781)
    [2013-08-04T17:06:58.840-07:00] [oim_server1] [ERROR] [OVD-60600] [oracle.ods.virtualization.engine.util.ADUtilities] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 80eeb34d89d5ed80:18bc05bb:1403be9d7e6:-8000-000000000008f710,0] [APP: oim#11.1.2.0.0] Cannot set password : LDAP Error 53 : [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0[[
    Looks like password is not able to set properly. But I am able to create the same user in AD using the same password.
    Option 1: without password
    Another testing, I have also tried to create user without password.  There is no error coming to log file. and I am able to see the below message in log file
    oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler] [APP: oim#11.1.2.0.0] [SRC_METHOD: createUser] User created in LDAP with GUID 9dc8f6f4b8564216a5d75d86f7cad0a2
    But user is not created in AD . this is another issue.
    Thanks,
    Amit

    Thanks for your reply.
    I have seen sample xml and my target looks the same
    <wlserver dir="${weblogic.domain.dir}"
                             port="${weblogic.domain.admin.server.port}"
                             servername="${weblogic.domain.admin.server.name}"
                             username="${weblogic.domain.admin.user}"
                             domainname="${weblogic.domain.name}"
                             password="${weblogic.domain.admin.password}"
                             configFile="config.xml"
                             generateConfig="true"
                             action="start"
                             beahome="${env.BEA_HOME}"/>
    my requirement is to use ant task.. otherwise I am able to create through configuration wizard
    Thanks

  • Cannot bind when using "pwdLastSet" attribute in Active Directory

    Admin resets the password & enables user has to change password at next logon, when i try to change user password, I couldn't able to bind the user & it shows error Such as
    Since Authentication fails, he could able to modify the attribute[pwdLastSet].
    please suggest me any solution
    Error occurred:
    xyz is not authenticated javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773, vece
    javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090A1A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
    Since I couldn't bind the user, I can't change the user password. Here is my program:
    {code}
    import java.io.IOException;
    import java.io.UnsupportedEncodingException;
    import java.util.Hashtable;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.ModificationItem;
    import javax.naming.ldap.Control;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    // Assumption: LDAPException with getLDAPResultCode() is the Netscape Directory SDK class.
    import netscape.ldap.LDAPException;

    public class Fastbindclient_changePwd extends HttpServlet {

        public ldapfastbind ctxFast = null;
        public int pwdLastSet = 0;

        class ldapfastbind {
            public Hashtable env = null;
            public LdapContext ctx = null;
            public Control[] connCtls = null;

            // Connection control that asks AD for a fast (credential-check only) bind.
            class FastBindConnectionControl implements Control {
                public byte[] getEncodedValue() {
                    return null;
                }
                public String getID() {
                    // LDAP_SERVER_FAST_BIND_OID; 2.16.840.1.113730.3.4.2 is ManageDsaIT, not fast bind.
                    return "1.2.840.113556.1.4.1781";
                }
                public boolean isCritical() {
                    return Control.CRITICAL;
                }
            }

            public ldapfastbind(String ldapurl) {
                env = new Hashtable();
                env.put(Context.INITIAL_CONTEXT_FACTORY,
                        "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
                env.put(Context.PROVIDER_URL, ldapurl);
                connCtls = new Control[] { new FastBindConnectionControl() };
                try {
                    ctx = new InitialLdapContext(env, connCtls);
                } catch (NamingException e) {
                    // no handling in the posted code
                }
            }

            public int Authenticate(String username, String password, HttpServletRequest request, HttpServletResponse response) throws LDAPException {
                try {
                    ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, username);
                    ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
                    ctx.reconnect(connCtls);
                    System.out.println(username + " is authenticated");
                    return 0;
                } catch (AuthenticationException e) {
                    String errMsg = e.getMessage();
                    // "data 773" in the bind error means the user must change the password
                    int index5 = errMsg.indexOf("data 773");
                    if (index5 != -1) {
                        try {
                            pwdLastSet = 1;
                            System.out.println("Password Last Set " + pwdLastSet);
                            String j_username = request.getParameter("j_username");
                            String j_password = request.getParameter("j_password");
                            String new_password = request.getParameter("new_password");
                            String change_password = request.getParameter("change_password");
                            boolean isChanged = ctxFast.ChangePassword(j_username, j_password, new_password, request, response);
                        } catch (IOException e1) {
                            e1.printStackTrace();
                        }
                    }
                } catch (NamingException e) {
                    // no handling in the posted code
                }
                return 0;
            }

            public boolean ChangePassword(String sUserName, String sOldPassword, String sNewPassword, HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
                try {
                    ModificationItem[] mods = new ModificationItem[1];
                    ModificationItem[] mods1 = new ModificationItem[1];
                    // unicodePwd takes the password in double quotes, encoded as UTF-16LE
                    String oldQuotedPassword = "\"" + sOldPassword + "\"";
                    byte[] oldUnicodePassword = oldQuotedPassword.getBytes("UTF-16LE");
                    String newQuotedPassword = "\"" + sNewPassword + "\"";
                    byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
                    System.out.println("newUnicodePassword" + newUnicodePassword);
                    System.out.println("printed before modify");
                    mods[0] = new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword));
                    ctx.modifyAttributes("cn=" + sUserName + ",cn=Users,dc=tc,dc=com", mods);
                    mods1[0] = new ModificationItem(LdapContext.REPLACE_ATTRIBUTE, new BasicAttribute("pwdLastSet", "-1"));
                    System.out.println("pwdLastSet Replaced");
                    /* mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("unicodePwd", oldUnicodePassword));
                    mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("unicodePwd", newUnicodePassword)); */
                    ctx.modifyAttributes("cn=" + sUserName + ",cn=Users,dc=tc,dc=com", mods1);
                    ctx.close();
                    return true;
                } catch (AuthenticationException e) {
                    int index5 = e.getMessage().indexOf("data 773");
                    if (index5 != -1) {
                        try {
                            pwdLastSet = 1;
                            System.out.println("Password Last Set " + pwdLastSet);
                            String j_username = request.getParameter("j_username");
                            String j_password = request.getParameter("j_password");
                            String new_password = request.getParameter("new_password");
                            String change_password = request.getParameter("change_password");
                            boolean isChanged = ctxFast.ChangePassword(j_username, j_password, new_password, request, response);
                        } catch (IOException e1) {
                            // TODO Auto-generated catch block
                            e1.printStackTrace();
                        }
                    }
                    return false;
                } catch (NamingException e) {
                    return false;
                }
            }

            public void finito() {
                try {
                    ctx.close();
                    System.out.println("Context is closed");
                } catch (NamingException e) {
                    System.out.println("Context close failure " + e);
                }
            }
        }

        public void bindClient(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            String ldapurl = "ldaps://172.22.0.99:636";
            String keystore = "D:/j2sdk1.4.2_04/jre/lib/security/CACert.ks";
            System.setProperty("javax.net.ssl.trustStore", keystore);
            String j_username = request.getParameter("j_username");
            String j_password = request.getParameter("j_password");
            String new_password = request.getParameter("new_password");
            ctxFast = new ldapfastbind(ldapurl);
            try {
                int IsAuthenticated = ctxFast.Authenticate(request.getParameter("j_username"), request.getParameter("j_password"), request, response);
                boolean isChangedNrml;
                if (pwdLastSet == 0)
                    isChangedNrml = ctxFast.ChangePassword(j_username, j_password, new_password, request, response);
                System.out.println("b4 change");
                System.out.println("After change 1");
            } catch (LDAPException e) {
                System.out.println("LDAP Exception : " + e.getLDAPResultCode() + "LDAPMessage : " + e.getLDAPErrorMessage() + "message : " + e.getMessage());
                e.printStackTrace();
                String errMsg = e.getMessage();
                System.out.println("error msa" + errMsg);
            }
            ctxFast.finito();
        }
    }
    {code}
    Please suggest a solution.
    Thanks in Advance..

    See my other reply concerning "user must change password" and the chicken & egg problem.
    In addition when using the LDAP Fast Bind control, it is only used to authenticate a user (verify credentials).
    If the user has the "user must change password" setting enabled, then the LDAP Fast Bind Connection Control will always fail the authentication attempt.
    Furthermore, the LDAP Fast Bind control does not create a Windows token, and even if the user had successfully authenticated, it does not permit the user to perform other operations against the directory such as modify attribute values or change passwords.
    You must perform a full LDAP bind in order to allow a user to change their password or to modify other attribute values.
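
The `data 773` value that the posted servlet looks for is one of several sub-codes AD places in its LDAP diagnostic strings. As an added example (not code from this thread), the parser below splits those strings into fields and maps a failed bind to a log detail plus a client-facing message that does not reveal which check failed. `parse_ad_diag` and `triage` are hypothetical names; the first four messages are copied from posts on this page and the last two are constructed.

```python
import re
from typing import NamedTuple, Optional

# Sub-codes AD reports in the "data" field of a failed bind (LDAP result 49).
# The field is a Win32 error number written in hex.
BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}


class AdDiag(NamedTuple):
    ldap_code: Optional[int]   # LDAP result code, if the prefix is present
    win32: int                 # leading 8-digit hex field
    category: str              # LdapErr, SvcErr, NameErr, ...
    dsid: str
    comment: Optional[str]
    problem: Optional[str]
    data: int


class Triage(NamedTuple):
    log_detail: str            # full detail, for the server log only
    user_message: str          # what the client is allowed to see
    needs_password_change: bool


_DIAG = re.compile(
    r"(?:LDAP: error code (?P<code>\d+) - )?"
    r"(?P<win32>[0-9A-Fa-f]{8}): (?P<cat>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"(?:comment: (?P<comment>.*?)|problem \d+ \((?P<problem>\w+)\)), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)


def parse_ad_diag(message: str) -> Optional[AdDiag]:
    """Parse one AD diagnostic string; return None if it has another shape."""
    m = _DIAG.search(message)
    if m is None:
        return None
    return AdDiag(
        ldap_code=int(m["code"]) if m["code"] else None,
        win32=int(m["win32"], 16),
        category=m["cat"],
        dsid=m["dsid"],
        comment=m["comment"],
        problem=m["problem"],
        data=int(m["data"], 16),
    )


def triage(diag: AdDiag) -> Triage:
    """Decide what to log and what to tell the client."""
    if diag.ldap_code != 49:
        detail = "LDAP result %s, %s" % (diag.ldap_code,
                                         diag.problem or diag.comment)
        return Triage(detail, "The request could not be completed.", False)
    name = BIND_SUBCODES.get(diag.data, "unknown sub-code 0x%x" % diag.data)
    if diag.data in (0x532, 0x773):
        return Triage(name, "Your password must be changed before you can "
                            "sign in.", True)
    # Every other sub-code gets the same text, so the response does not show
    # whether the account is missing (525) or the password was wrong (52e).
    return Triage(name, "Sign-in failed.", False)


# Copied from the posts on this page.
PAGE_MESSAGES = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 773, vece",
    "[LDAP: error code 1 - 00000000: LdapErr: DSID-0C090A1A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece",
    "[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0",
    "[LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B73, comment: Error in attribute conversion operation, data 0, v1772 ]",
]
# Constructed for this example: same shape, different sub-codes.
CONSTRUCTED = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]",
]

if __name__ == "__main__":
    for line in PAGE_MESSAGES + CONSTRUCTED:
        print(triage(parse_ad_diag(line)))
```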

  • Querying Active Directory via linked server in SQL2012

    I'm attempting to create a view in SQL2012 which I can then use in SharePoint 2013.  I need a list of the users in an AD group called DeviceAdmins.  I got this query to work, but
    it only gives me the name of the group DeviceAdmins, not the members of that group. What am I doing wrong?
    SELECT TOP 200 name, telephonenumber
    FROM OPENQUERY(ADSI,
        'SELECT NAME, telephonenumber FROM ''LDAP://CN=DeviceAdmins,OU=security groups,dc=xxx,dc=yyy,dc=com''')

    Hi mkrener212,
    Based on my knowledge, you can retrieve single-valued attributes like "sn" (surname = last name) or "givenName" and "mail" and so forth, but the SQL-based interface isn't capable of handling attributes like "memberOf" with several values assigned to them.
    So I'm afraid you'll have to go another way for this problem - e.g. find and populate the group membership in managed code.
    What's more, this is the forum for Directory Services, you can go to the following SQL forum to get more professional help:
    http://social.technet.microsoft.com/Forums/en-US/home?category=sqlserver
    Regards,
    Lany Zhang

  • Update email on IT0105 from Active Directory using LDAP connector

    Hi,
    I see lots of  threads in this area, but none on this particular requirement.
    The requirement is simply to retrieve email addresses from AD by feeding the employee number into the LDAP connector. The email address returned would then be used to update the email field on IT0105.  (Our AD is set up with employee number as key)
    Does anyone know if there are any standard reports or functionality around to allow the customer to do this? I would prefer to rule this option completely out before looking at writing an abap to do the job.
    Regards
    Phil

    hi
    check if the below link of any use to you
    http://help.sap.com/saphelp_nw04s/helpdata/en/eb/0bfa3823e5d841e10000000a11402f/frameset.htm
    regards
    sameer

  • Accessing Terminal Services Attributes from Active Directory LDAP property userParameters

    After many years of complaints, Microsoft has done little to address the overwhelming outcry for information on the accessing the Terminal Services properties through LDAP.
    I found this document that fully describes the Encode/Decode mechanism for the userParameters attribute.
    https://msdn.microsoft.com/en-us/library/ff635189.aspx
    The property is used for more than terminal services, but even Microsoft is confused about its use, it would seem.  I won't go into details, but for all those trying to access the terminal services attributes, this document should help.
    I have not yet converted the mapping into a JAVA module, so please don't ask for help.  I just need a more public place to put this, than the currently buried location at microsoft, to make for easier retrieval from the web community of java developers.


  • Add new attribute in active directory schema

    Hi
    I need to add two new attribute in Schema in my forest for the user class.
    Attribute name is jobclasscode and jobclass.
    How can I achieve it ? and where can I get X.500 OID.
    we are running on below AD forest:
    DFL and FFL : windows server 2003
    DCs: AD 2008 R2.

    Hi,
    You can use the LDIFDE command to export the schema attributes to <filename>.ldf (can be edited using Notepad) as given below:
    ldifde -f c:\<filename>.ldf -d "cn=schema,cn=configuration,dc=<mydomain>,dc=<com>"
    Checkout the below thread on similar discussion,
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/6789d4c2-1027-4a64-9f04-eaf7996893c5/ldifde-command-to-export-everything
    Regards,
    Gopi
    JiJi
    Technologies

  • Clear date attribute in Active Directory

    Hello!
    I've created attribute "birthdate" with syntax "Generalized Time" and fill up some user's info.
    Now I want to change it to string but I can't.
    I can't delete or modify the attribute because it is already set for some users.
    But I can't clean it because $null can't be a value of this attribute.
    What should I do?
    This topic first appeared in the Spiceworks Community

    Try it like this:
    if ($manager -ne $null) { # if manager is not null
        Try {
            $manager = (Get-ADUser -filter 'displayname -like $manager').samAccountName
            set-aduser $samaccountname -Manager $manager # set manager
        } Catch {$managerErrorList += "name: $name manager: $manager"}
    } Else {
        $managerErrorList += "name: $name manager: $manager"
    }
    It won't be very efficient if you have a large organization, but it will be more efficient than the multiple Get-ADUser commands you have in your script now.
    Not sure what you're doing with your errors, you might change the Catch statement to more accurately reflect what that type of error means to you.
    I hope this post has helped!

  • Update the proxyaddresses attribute via rsldapsync_user

    Dear Gurus,
    i configured a ldap-scenario and tested it by reading different attributes from the directory and updating the user information.
    It worked well!
    Now i want to write the proxyaddresses-attribute into the directory. i configured an exporting mapping from the e-mail address of the sap-user to the mentioned dir.-attr.. In this mapping i call a function module. For simple testing i call an ldap-module to read the actual values of the directory-attribute and write them back to the directory:
      Read table attributes with Key var = 'USERNAME' fld = 'BAPIBNAME' assigning <hybral>.
      READ TABLE <hybral>-vals index 1 ASSIGNING <vals>.
      CONCATENATE '(&(objectclass=user)(samaccountname=' <vals>-val '))' into filter.
      CALL FUNCTION 'LDAP_READ'
         EXPORTING
    *   BASE                = ''
         base_string         = 'ou=test-ou,dc=test-domain1,dc=test-domain2'
         scope               = 2
         filter              = filter
    *   FILTER_STRING       =
    *   TIMEOUT             =
         attributes          = it_attr
         IMPORTING
           ldaprc              = ldaprc
           entries             = ldapetab
         EXCEPTIONS
           no_authoriz         = 1
           conn_outdate        = 2
           ldap_failure        = 3
           not_alive           = 4
           other_error         = 5
           OTHERS              = 6.
      READ TABLE ldapetab INDEX 1 ASSIGNING <ldape>.
      READ TABLE <ldape>-attributes WITH KEY name = 'PROXYADDRESSES' INTO ls_attribute_ldap.
      ls_attribute_ldap-typ = 'C'.
      INSERT ls_attribute_ldap INTO TABLE attributes_ldap.
    At the end of the module I export the values into attributes_ldap. When I debug the following steps, the values are communicated throughout the ldap-function-modules that are used by rsldapsync_user. The ldap_modify module exports a returncode 53.
    Now i want to know if it is possible to update the proxyaddresses-attribute in this manner. Are there any mistakes in my thinking or in the posted function-module. Does anyone of you have some experience updating multiple line entries in Active Directory via SAP-LDAP?
    Thanks in advance

    Now i wrote a function module which reads an attribute and tries to write it back to the active directory.
    *"*"Local interface:
    *"  IMPORTING
    *"     REFERENCE(IP_UNAME) TYPE  XUBNAME
    *"  EXPORTING
    *"     VALUE(EP_MAIL) TYPE  STRINGVAL
      DATA: wa_attr TYPE ldapas,
            it_attr TYPE ldapastab,
            ldapetab TYPE ldapetab,
            ldaprc TYPE ldapdefs-ldrc,
            filter TYPE ldap_filt.
      FIELD-SYMBOLS:
            <ldape>   TYPE ldape.
      wa_attr-typ = 'C'.
      wa_attr-name = 'SAMACCOUNTNAME'.
      APPEND wa_attr TO it_attr.
      wa_attr-name = 'PROXYADDRESSES'.
      APPEND wa_attr TO it_attr.
      CONCATENATE '(&(objectclass=user)(samaccountname=' ip_uname '))' INTO filter.
      CALL FUNCTION 'LDAP_SYSTEMBIND'
       EXPORTING
         serverid            = 'WSWACTIVEDIR'
       writeread           = 'W'
    *   WAIT_TIME           = 0
       IMPORTING
         ldaprc              = ldaprc.
    *   BASEDN              =
    *   BASEDN_STRING       =
    * CHANGING
    *   HOLDSESS            = 0
    * EXCEPTIONS
    *   NO_AUTHORIZ         = 1
    *   CONFIG_ERROR        = 2
    *   NOMORE_CONNS        = 3
    *   LDAP_FAILURE        = 4
    *   NOT_ALIVE           = 5
    *   OTHER_ERROR         = 6
    *   OTHERS              = 7
      IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
      CALL FUNCTION 'LDAP_READ'
       EXPORTING
    *   BASE                = ''
       base_string         = 'ou=wsw-benutzer,dc=stadtwerke,dc=loc'
       scope               = 2
       filter              = filter
    *   FILTER_STRING       =
    *   TIMEOUT             =
       attributes          = it_attr
       IMPORTING
         ldaprc              = ldaprc
         entries             = ldapetab
       EXCEPTIONS
         no_authoriz         = 1
         conn_outdate        = 2
         ldap_failure        = 3
         not_alive           = 4
         other_error         = 5
         OTHERS              = 6.
      IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
      READ TABLE ldapetab INDEX 1 ASSIGNING <ldape>.
      CALL FUNCTION 'LDAP_UPDATE'
        EXPORTING
          entry              = <ldape>
       IMPORTING
         ldaprc             = ldaprc.
    * EXCEPTIONS
    *   NO_AUTHORIZ        = 1
    *   CONN_OUTDATE       = 2
    *   PARAM_ERROR        = 3
    *   LDAP_FAILURE       = 4
    *   HEXVAL_ERROR       = 5
    *   NOT_ALIVE          = 6
    *   OTHER_ERROR        = 7
    *   OTHERS             = 8
      IF sy-subrc <> 0.
    * MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
    *         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
      ENDIF.
    After LDAP_READ the ldaprc = 0.
    After LDAP_READ ldaprc is 53.
    So i can exclude a wrong mapping in transaction ldap.
    Edited by: Jan Martin Müller on Jun 9, 2010 3:17 PM
