ADAMSYNC userProxy - Question for Lee Flight

 
 
Cyrillo
      05-05-2010
Hi Lee,

I want to replicate two distinct AD databases in my ADAM instance, but I
can't convert the users into userProxy. When I synchronize only users
(without converting to userProxy in the .xml file) it works.

My ADAM instance is installed on a machine that doesn't belong to any of the
domains that I want to replicate (this machine is configured as a standalone
workgroup). Is there any problem with that? Do I need to be joined to the
domain that I want to replicate to my ADAM instance?

I'm asking because it appears that I can't convert users to userProxy
if I'm not joined to a domain. I'm really confused and can't find an
explanation in any documentation that I have searched.

I'm getting an "ldap_add_sW: Unwilling to perform - problem 5003 (will not
perform data 1317)" error.
The strange thing is that I can replicate without converting to userProxy. My
ADAM instance naming context is configured as "O=Openfire,C=BR" and I have
two domainDNS objects inside it, "DC=A" and "DC=B".

DC=A,O=Openfire,C=BR (domain A - first AD database that I want to
replicate to my ADAM)

DC=B,O=Openfire,C=BR (domain B - second AD database that I want to
replicate to my ADAM)

Like I said before, if I only replicate the objects I'm successful, but if I
try to convert to the proxyUser class (which I need because I will maintain
only one database to authenticate my Openfire IM users) I'm getting the error
message above.

Can you help me? Any idea?

Thanks in advance.

Denis Cyrillo - denis.cyrillo at anhaguera dot com
 
Lee Flight
      05-07-2010
Hi,

The 1317 error is telling you that the ADAM instance cannot resolve the
user that you are trying to create the proxy for. This makes sense, as
userProxy is only possible when the ADAM instance has a trust relationship
(direct or indirect) with the domain that has the AD users being proxied.
When you create just native ADAM users rather than userProxy, the object
created in ADAM is completely independent (apart from some metadata) of the
originating AD user.

In summary, userProxy of AD DS users is only useful when the ADAM instance
has a trust relationship with the domains which contain the users being
proxied, as it needs to perform Windows authentication against those domains,
and this cannot be the case for a standalone ADAM instance.

Lee Flight

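Added example, not part of the original thread: a pre-flight check to run on the ADAM host before enabling userProxy conversion. "data 1317" is Win32 ERROR_NO_SUCH_USER, so the script tests whether the host is domain-joined and whether Windows on that host can map a source user's SID to an account. The function name and the sample SID are hypothetical, and it assumes that resolution from an interactive session approximates what the ADAM service account can resolve.

```powershell
# Added example: run on the ADAM / AD LDS host before turning on
# userProxy conversion in the ADAMSync configuration.
# The SID used at the bottom is a constructed sample; substitute objectSid
# values of real users from the source domains.
function Test-UserProxyPrerequisite {
    param(
        [Parameter(Mandatory)]
        [string[]]$UserSid
    )

    # A workgroup (standalone) host has no trust path to any domain.
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    $joined = [bool]$cs.PartOfDomain

    foreach ($sid in $UserSid) {
        $resolved = $null
        $reason   = $null
        try {
            $id = New-Object System.Security.Principal.SecurityIdentifier($sid)
            # Translate() asks Windows to map the SID to an account name;
            # it throws when no reachable authority knows the SID.
            $resolved = $id.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch {
            $reason = $_.Exception.Message
        }

        [pscustomobject]@{
            Sid               = $sid
            HostDomainJoined  = $joined
            HostDomain        = $cs.Domain
            ResolvedAccount   = $resolved
            UserProxyLikelyOk = ($joined -and $null -ne $resolved)
            FailureReason     = $reason
        }
    }
}

# Constructed sample SID, for illustration only.
Test-UserProxyPrerequisite -UserSid 'S-1-5-21-1111111111-2222222222-3333333333-1105' |
    Format-List
```

On a workgroup host such as the one described in the question, `HostDomainJoined` is `False` and the SID does not resolve, which matches the explanation given for the 1317 error.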
 
Cyrillo
      05-10-2010
Thanks Lee!

