Wednesday, December 4, 2013

Fixed: Schema error updating Active Directory attributes with Informatica

I worked on an interesting problem this morning.

A client was using Informatica's Active Directory connector product to read data from AD into their ETL system.  This worked great.  They wanted to start using this to write data back into AD, but they were receiving a schema error whenever they tried to do so.

We checked to make sure the service account had permissions to update the attributes.
We checked to make sure the data matched the datatypes of the attributes in AD.
And then we checked the LDAP connector.  That's where the problem was.

The Informatica AD connector was configured to connect via the Global Catalog LDAP Port 3268.  The Global Catalog is a read-only copy of the most commonly used AD attributes.

FIX: We changed the LDAP connector to use port 389 instead.  That fixed the problem.

Another problem immediately popped up, but it was an easy one.  The transform was configured to update the CN in addition to the phone number with the DN as the primary key.  Since the CN is part of the DN, Informatica threw a cannot update RDN error.  The solution for this one was to remove the CN as part of the update set.


-Greene


* Security warning: Port 389 traffic is not encrypted, and unless you use Kerberos authentication you are broadcasting your service account's password in clear text.  I talked the client through this risk.

P.s. I should apologize, I failed to get the full text of the error for search engines to index.  That means that the person finding this article has likely been slaving away on this error for days.  mea culpa

keywords: informatica active directory connector schema ldap error update

No comments: