I can successfully bind to AD LDAP, and modify and create objects.
However, if I want to update or set an attribute of type 'Boolean', then I get this error:
00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1
Here is a piece of the Perl code responsible:
$rv = $ldap->add($dn, attr=> [
cn => [$u],
objectClass => [ 'top','person', 'organizationalPerson', 'contact' ],
displayName => "$u Mailing List",
mail => $email,
name => $u,
mailNickname => $local,
proxyAddresses => [
"SMTP:$email",
"smtp:$local\@$SERVERDOM",
],
givenName => $u,
targetAddress => "SMTP:$email",
internetEncoding => 1310720,
msExchAddressBookFlags => 1,
msExchModerationFlags => 6,
msExchProvisioningFlags => 0,
msExchHideFromAddressList => 'TRUE',
msExchBypassAudit => 'FALSE',
msExchMailboxAuditEnable => 'FALSE',
]);
The problem is the three last attributes; if they are commented out, then it works. I have tried using 0 and 1 instead of 'TRUE' and 'FALSE' but I get the same issue. It seems that the Net::LDAP
code calls Convert::ASN1
with a type of string
or int
which is incorrect; it should be using 'boolean', but I cannot see how to make it do this.
See Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions for valid values of "Boolean" in LDAP.
Unknown attributes, or attributes not available to that user will throw 'Error in attribute conversion operation' errors.
Looking at the attributes and googling them shows that msExchHideFromAddressList
should be msExchHideFromAddressLists
<- note the plural s.