moveEntry -672 ERR_NO_ACCESS

While moving disabled users from one ou to another getting this moveEntry -672 ERR_NO_ACCESS error

  • 0  

    Just throwing a question into the room without a greeting and thanks for an answer - sorry, that had to be done.


    There is not enough information available for the question to say anything concrete. Hence the excerpt from the NDS error codes. Recommendation: Run the NDS trace during the operation and see exactly what the trace outputs during the user's move.

    -672 FFFFFD60 NO ACCESS
    Source: eDirectory or NDS
    Explanation: The requester does not have sufficient rights to the information specified in a request.

    WARNING:Applying all solutions mentioned in this topic could make the problem worse if the actual cause of the problem is not known. Before following a course of action, make sure that you understand the cause of the error and the consequences for the actions suggested.
    Possible Cause: A request was received by eDirectory or NDS (ds.nlm) to return an object or an object’s attribute information when the requester does not have sufficient rights to the specified object or its attributes.
    Action: Ensure that the user has the appropriate rights for that object.
    Possible Cause: A request was received to perform an eDirectory or NDS partition operation when the requester does not have sufficient rights to the specified partition root objects.
    Action: Ensure that the user performing the partition operation has the appropriate rights to each partition root object applicable.
    Possible Cause: A request was received from a server to set its RSA keys when its eDirectory or NDS object already has a RSA public key.
    Action: Contact a Novell Support Provider.
    Possible Cause: A request was received to start inbound replica synchronization on an eDirectory or NDS partition in a New replica state. However, the source server (requester) does not hold the master replica of the partition. This can be an indication of multiple master replicas being in a replica ring.
    Action: Handle this as a Replica Ring Discrepancy issue.
    Possible Cause: A request was received to synchronize an eDirectory or NDS partition. However, the eDirectory or NDS object for the source server is not present in the local database of the target server.
    Action: Handle this as a Replica Ring Discrepancy issue.
    Possible Cause: A request was received to synchronize an eDirectory or NDS schema. However, the eDirectory or NDS object for the source server is not present in the local database of the target server.
    Action: Handle this as a Replica Ring Discrepancy issue.
    Possible Cause: An attempt was made by an eDirectory or NDS server to begin inbound replica synchronization. However, the source server does not exist in the replica ring of the specified eDirectory or NDS partition as held by the target server.
    Action: Handle this as a Replica Ring Discrepancy issue.
    Possible Cause: An attempt was made by an eDirectory or NDS server to update the eDirectory or NDS schema. One of the following conditions caused the error:

        The replica depth for the source server is higher than the target server.

        The source server does not exist in the replica ring of the eDirectory or NDS partition closest to the [Root] on the target server.

    Action: Updates to the schema for an eDirectory or NDS server can only be made by source servers that have a lower replica depth than the target server and, if the target server holds any eDirectory or NDS partitions, the source server exists in the replica ring of the eDirectory or NDS partition closest to the [Root] on the target server.
    Possible Cause: An attempt was made by an eDirectory or NDS server to modify the replica type of an eDirectory or NDS partition held by the target server. However, the source server does not exist in the eDirectory or NDS database for the target server. If using DSTRACE on the target server with the Schema Synchronization flag set, the following message will be displayed:

    LinkReplica: DSALinkReplica for partition [PartitionRootObjectEntryID] <PartitionRootObjectName> from [SourceServerEntryID] <SourceServerName> f

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei

  • 0 in reply to   

    Hi  , 

    We trying to move the disabled users through a driver by applying a policy . After executing the policy in the driver it is tracing "error">Code(-9010) An exception occurred: novell.jclient.JCException: moveEntry -672 ERR_NO_ACCESS< . 

  • 0 in reply to 

    Also If we try to move the user manually to disable ou , it is giving success. Only the issue is when we try to move it through the loopback driver

  • 0   in reply to 

    Short answer:  The driver does not have permissions to complete the move.

    When you deploy a driver, you specify the Security Equals that the driver has. I.e. Whose permissions it is equal to?  You can look at the DirXML-Driver object for the Security Equals attribute to see. 

    If you have done some complex stuff, you can try using the iManager Rights tool, and check the effective rights of the Driver object to the containers in play.

    Login as the user the driver iis equal to, and see if can do the move.  I doubt it.  672 is a pretty clear error.

  • 0   in reply to   

    I only know the eDir page and the error codes concerned. Thanks for the well-founded view regarding IDM. The 672 (source of the client / IDM) represents an authorization problem. That is the approach.

    I have simply added the complete description from the eDir error code SDK so that perhaps more information is available.

    “You can't teach a person anything, you can only help them to discover it within themselves.” Galileo Galilei