Attributes Contained in Modify Request Are Not Deleted When You Use the Cdir_ldp.exe Program (316444)


The information in this article applies to:

  • Microsoft Metadirectory Services 2.2
  • Microsoft Metadirectory Services 2.2 SP1
This article was previously published under Q316444

SYMPTOMS

When you use Cdir_ldp.exe, if there are Lightweight Directory Access Protocol (LDAP) modify requests that require one or more attributes to be deleted, these attributes may not be deleted. When you view the LDAP trace log (or a Netmon.exe trace log) on the server that is running Microsoft Metadirectory Services (MMS), the expected label-value pair may not be included in the LDAP modify request.

CAUSE

Before each LDAP modify request, MMS issues an LDAP search request that specifies the distinguished name of the object that you want to modify. This search request also includes a list of attributes that are to be returned in the search request response. This list is stored as the zcLDAPAttrList attribute on the management agent (MA). The zcLDAPAttrList attribute must contain the names of all of the attributes that you want to delete. When you initiate an LDAP modify request, if the request contains a delete request for an attribute that is not in the zcLDAPAttrList attribute, Cdir_ldp.exe automatically strips the attribute, and the attribute is not sent to the connected directory.

RESOLUTION

To resolve this issue, add the attribute names that you want to delete to the zcLDAPAttrList multiple-valued attribute in the MA.

NOTE: The following procedure assumes that you use a Netscape MA as the MA template, and that the attribute that you want to delete has been previously discovered.
  1. Use an account that has administrative rights to log on to MMS.
  2. Click the bookmarks icon on the Actions menu, and then click Management Agents.
  3. Click the target MA in the right pane.
  4. Click Configure MA on the Actions menu.
  5. Click the Connected Directory Specifics tab.
  6. Click the Attributes to Discover tab.
  7. Scroll to the end of the list, and then type the name of the attribute that you want to delete.
  8. Click OK.
After you add the attribute names that you want to delete to the zcLDAPAttrList attribute, configure the output templates so that the attributes are included in the modify templates of either the Create file (for users) or the Export file (for foreign entries).

To configure the output templates for the connected directory for users:
  1. Click Design MA on the Actions menu.
  2. Click the Control Connected Directory tab.
  3. Click the Output Templates tab.
  4. Click the Modify tab.
  5. Type the missing attributes in the format that is used on this form.

    The lists of attribute name-value pairs are generally stored in alphabetical order. For example, when you add an attribute called "employeeNumber", the following text is displayed:

    (-employeeNumber: $cd.employeeNumber)

  6. Click OK.
To configure the output templates for the connected directory for foreign entries:
  1. Click Design MA on the Actions menu.
  2. Click the Connected Directory Foreign Entries tab.
  3. Click the Foreign Entries Output Templates tab.
  4. Click the Modify tab.
  5. Type the missing attributes in the format that is used on this form.

    When you add an attribute called "employeeNumber", the following text is displayed:

    (-employeeNumber: $cd.employeeNumber)

  6. Click OK.

MORE INFORMATION

LDAP modify requests may specify changes to multiple attributes in a single transaction. Some LDAP folders abort the entire modification request if the modify request tries to remove an attribute that does not exist. Cdir_ldp.exe uses the LDAP search request response information to ensure that modify requests that require attributes to be deleted delete only existing attributes.
Modification Type:MajorLast Reviewed:6/6/2003
Keywords:kbprb KB316444
©2002 Microsoft Corporation. All rights reserved.