Referrals with 2 ADAM Instances drm <don.mai[ at ]westernsouthernlife.com> 12/22/2008 7:39:20 PM I have created two ADAM instances on two different servers and would like to create a referral from the first to the second. The DN of the first instance is ou=NorthEast,ou=Customers,o=Company,dc=com and the DN of the second instance is ou=NorthWest,ou=Customers,o=Company,dc=com. How do I create a referral to it from the first? I tried to create a crossRef object in the Partition of the first instance to the second using ADSI edit but keep getting an "Element not found" message. What am I missing/doing wrong? Both boxes are w2k3 sp1. The attributes that I used when creating the crossRef object are as follows: cn=NW dnsRoot=server2:389:636 enabled=true nCName=ou=NorthWest,ou=Customers,o=Company,dc=com Note: I also tried creating both instances on the same box, changing the dnsRoot to localhost:50000:50001 and received the same results.

Re: Referrals with 2 ADAM Instances "Lee Flight" <lef[ at ]le.ac.uk-nospam> 12/24/2008 12:31:08 AM Hi at what point do you get "Element not found"? I just tried a repro on ADAM SP1: opened ADAM ADSIedit connected to the configuration naming context of ADAM instance1 right-click on CN=Partitions -> New ->Object... crossRef was prompted for and entered cn was prompted for and entered nCName On the finish page More Attributes added dnsRoot Then Finish enabled=True is default so no need to add explicitly. Searching on instance1 (both instances were on the same server) == ***Searching... ldap_search_s(ld, "OU=NorthWest,OU=Customers,O=Company,DC=com", 2, "(objectclass=*)", attrList, 0, &msg) Error: Search: Referral. <10> Server error: 0000202B: RefErr: DSID-03100697, data 0, 1 access points ref 1: 'localhost:50014:50015' == the error as I did not enable referral chasing on the client. Assuming that we can get this working for you a couple of other points to note: [1] if you are prepared to have two ADAM instances in the same configuration set crossRef generation can be handled for you by the create NC ability of dsmgmt - however the above should work [2] referrals are not a panacea, so e.g. the above example is only useful if the searcher hitting instance1 (home of NE) has the full DN of NW as search base and has credentials that can chase the referral Further input from me will likely be delayed due to holidays, Lee Flight

Re: Referrals with 2 ADAM Instances drm <don.mai[ at ]westernsouthernlife.com> 12/24/2008 2:17:05 PM On Dec 23, 7:31 pm, "Lee Flight" <l...[ at ]le.ac.uk-nospam> wrote: [Quoted Text] > Hi > > at what point do you get "Element not found"? > > I just tried a repro on ADAM SP1: >  opened ADAM ADSIedit >  connected to the configuration naming context of ADAM instance1 >  right-click on CN=Partitions -> New ->Object... crossRef >  was prompted for and entered cn >  was prompted for and entered nCName >  On the finish page More Attributes added dnsRoot >  Then Finish > > enabled=True is default so no need to add explicitly. > Searching on instance1 (both instances were on the same server) > > == > ***Searching... > ldap_search_s(ld, "OU=NorthWest,OU=Customers,O=Company,DC=com", 2, > "(objectclass=*)", attrList,  0, &msg) > Error: Search: Referral. <10> > Server error: 0000202B: RefErr: DSID-03100697, data 0, 1 access points >  ref 1: 'localhost:50014:50015' > == > > the error as I did not enable referral chasing on the client. > > Assuming that we can get this working for you a couple of other points to > note: > [1] if you are prepared to have two ADAM instances in the same configuration >       set crossRef generation can be handled for you by the create NC > ability >       of dsmgmt  - however the above should work > > [2] referrals are not a panacea, so e.g. the above example is only useful if > the searcher >       hitting instance1 (home of NE) has the full DN of NW as search base > and has >       credentials that can chase the referral > > Further input from me will likely be delayed due to holidays, > Lee Flight Lee, Thanks for your response. I get the error message after I added the dnsRoot and click finish.

Re: Referrals with 2 ADAM Instances "Lee Flight" <lef[ at ]le.ac.uk-nospam> 12/24/2008 8:34:17 PM Hi I have not been able to repro this. What happens if rather than using ADSIEdit you try and create the crossRef using an ldf file e.g. create a test.ldf containing dn: CN=NW,CN=Partitions,DC=X changetype: add objectClass: crossRef nCName: OU=NorthWest,OU=Customers,O=company,DC=com dnsRoot: localhost:50000:50001 (trim any whitespace from line ends) imported using ldifde -i -f test.ldf -c "DC=X" #configurationNamingContext -s <ADAMserver1>:<ADAMport1> ignore any linewraps in the above. As ever try on a non-production instance first, thanks Lee Flight

Re: Referrals with 2 ADAM Instances drm <don.mai[ at ]westernsouthernlife.com> 12/29/2008 4:13:29 PM On Dec 24, 3:34 pm, "Lee Flight" <l...[ at ]le.ac.uk-nospam> wrote: [Quoted Text] > Hi > I have not been able to repro this. > What happens if rather than using ADSIEdit you try and create the crossRef > using an ldf file e.g. create a test.ldf containing > > dn: CN=NW,CN=Partitions,DC=X > changetype: add > objectClass: crossRef > nCName: OU=NorthWest,OU=Customers,O=company,DC=com > dnsRoot: localhost:50000:50001 > > (trim any whitespace from line ends) imported using > > ldifde -i -f test.ldf -c "DC=X" #configurationNamingContext >  -s <ADAMserver1>:<ADAMport1> > > ignore any linewraps in the above. > > As ever try on  a non-production instance first, thanks > Lee Flight I tried this and still received an "Element Not Found" message. I checked the properties for CN=Cross-Ref,CN=Schema,CN=Configuration,CN= {guid} and noticed that neither dsnRoot nor nCName are listed under allowedAttributes. I tried adding them to allowedAttributes but was not able to (constraint violation). I tried adding them to mayContain but that did not help. See error messages below. Add error on line 1: Unavailable The server side error is: 0x490 Element not found. The extended server error is: 00000490: SvcErr: DSID-011F0A37, problem 5002 (UNAVAILABLE), data 0

Re: Referrals with 2 ADAM Instances "Lee Flight" <lef[ at ]le.ac.uk-nospam> 12/29/2008 8:41:52 PM Hi here's a snip from my ADAM SP1 default schema == Dn: CN=Cross-Ref,CN=Schema,CN=Configuration,CN={GUID} systemMayContain (13): trustParent; superiorDNSRoot; rootTrust; nETBIOSName; msDS-Other-Settings; Enabled; msDS-SDReferenceDomain; msDS-Replication-Notify-Subsequent-DSA-Delay; msDS-Replication-Notify-First-DSA-Delay; msDS-NC-Replica-Locations; msDS-DnsRootAlias; msDS-Behavior-Version; dnsRoot; systemMustContain (2): nCName; cn; == so dnsRoot is there on systemMayContain and nCName is systemMustContain. Do you not have that? The DSID error should help, if your schema does check out as above then I will see what I can find out. Lee Flight "drm" <don.mai[ at ]westernsouthernlife.com> wrote in message news:754ae175-107c-4f3c-8cbe-1233e7eb6442[ at ]r15g2000prd.googlegroups.com... On Dec 24, 3:34 pm, "Lee Flight" <l...[ at ]le.ac.uk-nospam> wrote: [Quoted Text] > Hi > I have not been able to repro this. > What happens if rather than using ADSIEdit you try and create the crossRef > using an ldf file e.g. create a test.ldf containing > > dn: CN=NW,CN=Partitions,DC=X > changetype: add > objectClass: crossRef > nCName: OU=NorthWest,OU=Customers,O=company,DC=com > dnsRoot: localhost:50000:50001 > > (trim any whitespace from line ends) imported using > > ldifde -i -f test.ldf -c "DC=X" #configurationNamingContext > -s <ADAMserver1>:<ADAMport1> > > ignore any linewraps in the above. > > As ever try on a non-production instance first, thanks > Lee Flight I tried this and still received an "Element Not Found" message. I checked the properties for CN=Cross-Ref,CN=Schema,CN=Configuration,CN= {guid} and noticed that neither dsnRoot nor nCName are listed under allowedAttributes. I tried adding them to allowedAttributes but was not able to (constraint violation). I tried adding them to mayContain but that did not help. See error messages below. Add error on line 1: Unavailable The server side error is: 0x490 Element not found. The extended server error is: 00000490: SvcErr: DSID-011F0A37, problem 5002 (UNAVAILABLE), data 0

Re: Referrals with 2 ADAM Instances drm <don.mai[ at ]westernsouthernlife.com> 12/30/2008 1:06:25 PM On Dec 29, 3:41 pm, "Lee Flight" <l...[ at ]le.ac.uk-nospam> wrote: [Quoted Text] > Hi > > here's a snip from my ADAM SP1 default schema > > == > Dn: CN=Cross-Ref,CN=Schema,CN=Configuration,CN={GUID} > > systemMayContain (13): trustParent; superiorDNSRoot; rootTrust; nETBIOSName; > msDS-Other-Settings; Enabled; msDS-SDReferenceDomain; > msDS-Replication-Notify-Subsequent-DSA-Delay; > msDS-Replication-Notify-First-DSA-Delay; > msDS-NC-Replica-Locations; msDS-DnsRootAlias; msDS-Behavior-Version; > dnsRoot; > > systemMustContain (2): nCName; cn; > == > > so dnsRoot is there on systemMayContain and nCName is systemMustContain. > Do you not have that? > > The DSID error should help, if your schema does check out as above then > I will see what I can find out. > > Lee Flight > > "drm" <don....[ at ]westernsouthernlife.com> wrote in message > > news:754ae175-107c-4f3c-8cbe-1233e7eb6442[ at ]r15g2000prd.googlegroups.com... > On Dec 24, 3:34 pm, "Lee Flight" <l...[ at ]le.ac.uk-nospam> wrote: > > > > > > > Hi > > I have not been able to repro this. > > What happens if rather than using ADSIEdit you try and create the crossRef > > using an ldf file e.g. create a test.ldf containing > > > dn: CN=NW,CN=Partitions,DC=X > > changetype: add > > objectClass: crossRef > > nCName: OU=NorthWest,OU=Customers,O=company,DC=com > > dnsRoot: localhost:50000:50001 > > > (trim any whitespace from line ends) imported using > > > ldifde -i -f test.ldf -c "DC=X" #configurationNamingContext > > -s <ADAMserver1>:<ADAMport1> > > > ignore any linewraps in the above. > > > As ever try on a non-production instance first, thanks > > Lee Flight > > I tried this and still received an "Element Not Found" message. I > checked the properties for CN=Cross-Ref,CN=Schema,CN=Configuration,CN= > {guid} and noticed that neither dsnRoot nor nCName are listed under > allowedAttributes.  I tried adding them to allowedAttributes but was > not able to (constraint violation).  I tried adding them to mayContain > but that did not help.  See error messages below. > > Add error on line 1: Unavailable > The server side error is: 0x490 Element not found. > The extended server error is: > 00000490: SvcErr: DSID-011F0A37, problem 5002 (UNAVAILABLE), data 0- Hide quoted text - > > - Show quoted text - Lee, I checked the systemMayContain and systemMustContain attributes and they agree with what you have.

Re: Referrals with 2 ADAM Instances "Lee Flight" <lef[ at ]le.ac.uk-nospam> 12/30/2008 6:47:00 PM Hi The advice I received (Thanks Dmitri) is that the DSID looks like it might be coming from WS08 directory services. Can you confirm which version of ADAM you are running I read "w2k3 sp1" in your original post? Also on your ldf import did you target the correct ADAM server/port? Also could you please check that the ADAM instance does not contain any exisiting crossRefs that might conflict with the attempted change? Is the ADAM instance part of a configuration set? Thanks Lee Flight [Quoted Text] > Add error on line 1: Unavailable > The server side error is: 0x490 Element not found. > The extended server error is: > 00000490: SvcErr: DSID-011F0A37, problem 5002 (UNAVAILABLE), data 0- Hide