I can successfully bind to AD LDAP, and modify and create objects.
However, if I want to update or set an attribute of type 'Boolean', then I get this error:
00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1
Here is a piece of the Perl code responsible:
$rv = $ldap->add($dn, attr=> [
cn => [$u],
objectClass => [ 'top','person', 'organizationalPerson', 'contact' ],
displayName => "$u Mailing List",
mail => $email,
name => $u,
mailNickname => $local,
proxyAddresses => [
"SMTP:$email",
"smtp:$local\@$SERVERDOM",
],
givenName => $u,
targetAddress => "SMTP:$email",
internetEncoding => 1310720,
msExchAddressBookFlags => 1,
msExchModerationFlags => 6,
msExchProvisioningFlags => 0,
msExchHideFromAddressList => 'TRUE',
msExchBypassAudit => 'FALSE',
msExchMailboxAuditEnable => 'FALSE',
]);
The problem is the three last attributes; if they are commented out, then it works. I have tried using 0 and 1 instead of 'TRUE' and 'FALSE' but I get the same issue. It seems that the Net::LDAP code calls Convert::ASN1 with a type of string or int which is incorrect; it should be using 'boolean', but I cannot see how to make it do this.
See Lightweight Directory Access Protocol (v3): Attribute Syntax Definitions for valid values of "Boolean" in LDAP.
Unknown attributes, or attributes not available to that user will throw 'Error in attribute conversion operation' errors.
Looking at the attributes and googling them shows that msExchHideFromAddressList should be msExchHideFromAddressLists <- note the plural s.