7

I can successfully bind to AD LDAP, and modify and create objects.

However, if I want to update or set an attribute of type 'Boolean', then I get this error:

00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1

Here is a piece of the Perl code responsible:

```perl
$rv = $ldap->add($dn, attr => [
    cn => [$u],
    objectClass => [ 'top', 'person', 'organizationalPerson', 'contact' ],
    displayName => "$u Mailing List",
    mail => $email,
    name => $u,
    mailNickname => $local,
    proxyAddresses => [
        "SMTP:$email",
        "smtp:$local\@$SERVERDOM",
    ],
    givenName => $u,
    targetAddress => "SMTP:$email",
    internetEncoding => 1310720,
    msExchAddressBookFlags => 1,
    msExchModerationFlags => 6,
    msExchProvisioningFlags => 0,
    msExchHideFromAddressList => 'TRUE',
    msExchBypassAudit => 'FALSE',
    msExchMailboxAuditEnable => 'FALSE',
]);
```

The problem is the three last attributes; if they are commented out, then it works. I have tried using 0 and 1 instead of 'TRUE' and 'FALSE' but I get the same issue. It seems that the Net::LDAP code calls Convert::ASN1 with a type of string or int which is incorrect; it should be using 'boolean', but I cannot see how to make it do this.

Jonathan Hall
Steve Shipway
  • I get: `Bareword "true" not allowed while "strict subs" in use` Perl apparently does not have this constant defined. Quoted lower-case gives the same error as quoted upper-case. – Steve Shipway Nov 06 '14 at 01:44
  • Have you tried setting the values to boolean literals? – Stephen Dec 02 '14 at 08:52
  • Perl does not have a boolean data type. I added the Boolean module but that did not help either. Tried 1, -1, 0xff, 0xffff, 0xffffffff, 'true', 'True', 'TRUE', still the same attribute conversion error. – Steve Shipway Dec 03 '14 at 19:27
  • Oh, apologies, my background to this question is more LDAP than Perl; I had assumed bools were part of the native types. Can you use the Net::LDAP::Entry->get_value method to read an existing entry from the directory, and check how it's represented? – Stephen Dec 04 '14 at 05:31

1 Answer

5

According to the LDAP specification, string values of "TRUE", "True", "true", etc. are all valid.

Unknown attributes, or attributes not available to that user, will throw 'Error in attribute conversion operation' errors.

Looking at the attributes and googling them shows that msExchHideFromAddressList should be msExchHideFromAddressLists <- note the plural s.

harvey
  • 3
    You're right about the 's' -- that was the cause of the failure, and the misleading error message. However, it appears that (on our system at least) the 'TRUE' and 'FALSE' MUST be in upper case for it to work. I can't believe I was banging my head against the desk for so long over this one. – Steve Shipway Dec 05 '14 at 02:19
  • 2
    I can confirm that with Spring LDAP and OpenLDAP I have to use 'FALSE', all upper case – Riccardo Cossu Jun 03 '15 at 15:06
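
A pre-flight check for the two causes identified in the answer and its comments (a misspelled attribute name, and boolean values that are not upper-case 'TRUE'/'FALSE'), as an added example that is not part of the original posts. The `preflight` helper and the sample schema hash are hypothetical and constructed here; against a live server the lookup would wrap `$ldap->schema->attribute($name)` from Net::LDAP::Schema.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# OID of the LDAP Boolean syntax (RFC 4517).
my $BOOLEAN_SYNTAX = '1.3.6.1.4.1.1466.115.121.1.7';

# Constructed stand-in for the directory schema, keyed by lower-cased name.
# Against a live server, build $lookup from Net::LDAP instead:
#   my $schema = $ldap->schema;
#   my $lookup = sub { $schema->attribute($_[0]) };
my %SAMPLE_SCHEMA = (
    cn                         => { name => 'cn', syntax => '1.3.6.1.4.1.1466.115.121.1.15' },
    msexchhidefromaddresslists => { name => 'msExchHideFromAddressLists', syntax => $BOOLEAN_SYNTAX },
    msexchbypassaudit          => { name => 'msExchBypassAudit', syntax => $BOOLEAN_SYNTAX },
);
my $lookup = sub { $SAMPLE_SCHEMA{ lc $_[0] } };

# Check an attr => value list (as passed to $ldap->add) before sending it.
# Returns a list of human-readable problems; an empty list means no issue found.
sub preflight {
    my ($lookup, @attrs) = @_;
    my @problems;
    while (my ($name, $value) = splice(@attrs, 0, 2)) {
        my $def = $lookup->($name);
        unless ($def) {
            # The server reports this case as an "attribute conversion" error.
            push @problems, "unknown attribute '$name' (check spelling)";
            next;
        }
        next unless ($def->{syntax} // '') eq $BOOLEAN_SYNTAX;
        for my $v (ref $value eq 'ARRAY' ? @$value : $value) {
            push @problems, "boolean '$name' has value '$v'; use 'TRUE' or 'FALSE'"
                unless $v eq 'TRUE' || $v eq 'FALSE';
        }
    }
    return @problems;
}

# Constructed input modelled on the question's attribute list.
my @attrs = (
    cn                        => ['example-list'],
    msExchHideFromAddressList => 'TRUE',     # missing trailing "s"
    msExchBypassAudit         => 'false',    # lower case
);

print "$_\n" for preflight($lookup, @attrs);
```

Running the check before `$ldap->add` names the offending attribute directly, which the server's conversion error does not.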