Directory Wizards Inc.

Solutions For Your Directory Needs

• Products
• Support
• Knowledgebase
• Blog
• DirWiz Gear
• About
• Home

RSS feed

Categories

• Active Directory
• ADAM
• Address Manipulation
• BPOS
• Exchange 200x
• Exchange 5.5
• Exclusions
• General
• Group as Group Sync
• Groupwise
• LDAP SSL
• LDIF
• Licensing & Keys
• Lotus Notes / Domino
• Map Files
• Master/Spoke
• Netscape
• ODBC
• Oracle
• Outlook
• Profiler
• SharePoint
• Troubleshooting
• UnitySync
• USync
• Windows 2000

Knowledgebase

LDAP_CONSTRAINT_VIOLATION

Category:Troubleshooting

Last Updated:2011-08-03

Download PDF version

LDAP_CONSTRAINT_VIOLATION means the destination schema doesn't like something the sync is trying to do with an attribute... The sync may be trying to set an attribute that doesn't exist. Or the sync may be trying to set an invalid value for an attribute.

Further trouble shooting tips:

• When syncing to AD, a common cause of Constraint Violation errors is an ADD which specifies a DN including a CN that is to long.  The CN in the DN is limited to 64 characters.  By default, the sync uses email address in the CN.  Occasionally, an email address exceeds 64 characters.  The latest default map files are designed to automatically truncate the value as it appears in the DN to avoid this error. If you are using an old map file that does not contain this truncation, edit your map file and add the truncation.
  
  If you don't already have a custom map file, create one now.
  The first line of your map file (DN) reads like this by default:
  dn=cn=~mail~,~struct~
  
  Edit this mapping to add the #64 truncation like this:
  dn=cn=~mail#64~,~struct~
  
  Click SAVE.
  Click Apply (if necessary).
  
  When you run your sync, previously synced objects will not be affected.  Only those objects that have failed to sync due to this error will be affected, as they have the DN properly truncated to the required limit, they will now be added successfully.  Note: This truncation only applies to the value as it appears in the DN, the actual email address value is synced as-is, without truncation.  If you are unsure of the results you will see, run a SIMULATION first to verify results.
   
• If you are syncing to an AD destination, using a "(mail enabled)" template, verify that the Exchange 2000 schema is actually loaded on your destination AD.  The GUI tool  Connection > Advanced > Exchange Info can tell you if Ex200x is really loaded on your destination or not.
   
• A duplicate attribute mapping can cause a CONSTRAINT_VIOLATION...Verify you did not accidently add a duplicate mapping in your custom map file.
   
• If you customize country/country code mappings (i.e. c/co), make sure the values are correct... co may only contain a three character 'country code' . Make sure you didn't accidently map a full country name to CO.

© 2011 Directory Wizards Inc.