Looking to create users using SSIS and DirectoryServices (VB)

I'm taking a stab at this, since you didn't post the other error message (the one receive when you attempt a password set), but I don't believe your approach will work, without modification, since Lawson 'people' objects aren't proper LDAP users. The password attribute doesn't exist for a lawson 'people' object.

Now I'm not on a system right now, such that I can view the schema, but take a peek at the schema and ensure that you are setting all the non-default 'properties' for the VB object 'newUser'

My hunch is that when you try to set the password, VB is failing due to the 'password' attribute not being on the Lawson 'people' object, and when you don't set the password, VB is failing because it's definition of a user object requires there to be a non-null password attribute value.

A bit more detail would help others in helping you more specifically:
1) The other error message generated when attempting to set the password
2) Does the first commitchanges() in your code snippit listed here succeed? (this would be the line three from the bottom)
3) Ensure that your deSearch.Filter is correct.

Kwane

I was able to look at the Schema, but I guess I am not sure what I should look at, to see if the attribute is defaulted or required. I will attach a full version of my code as I tried it setting many other attributes as well. The one thing I am not setting is the User attribute for the SSOP (under manage Identities in Lawson Security). That should be the attribute that ties it back to our other Active Directory server for single sign on. But I am not sure what to do to set it.

Per the snippet the first commitchanges() Is the one that fails with COMException 0x80072035. If I comment out the first Commitchanges() so that it tried the SetPassword but it throws an InteropServices.COMException (0x80020006) on the invoke line, which like you stated may not be a settable attribute. Maybe the key is to set the identities first?

The deSearch works because if I set it to a user that already exists, it will modify the user. I can change their name, or other attributes. See attached code.

I am trying this based on some ldif scripts we had for a conversion to load the users onto a new server. I noticed that the scripts to manage identities were not part of the ldif file but in a separate xml file, so maybe I need to set that first. Not sure.

Thank you.

I checked out your code, and did a little research, and my underlying hypothesis (that you were not filling all of the required attributes) is correct.

I'll break this reply into two parts, one will be the general approach, and one will be specific to your request.

The key is that the SchemaTemplate you chose on the directory 'Children' Add method, requires that you fill all the attributes needed. Since this is a 'custom' template, you need to first define it, and then ensure that the underlying objectClass requirements are met. After reviewing the error codes, the first means 'LDAP unwilling to perform', which makes perfect sense.

The best approach is to take an LDAP browser (I prefer LDAPAdmin at SourceForge), and review both an existing object, and the schema requirements for all associated objectClasses. The key is you HAVE TO fulfill all the 'MUST' requirements. This is what I was alluding to in my prior posting.

With that said, I'll address your specific issues.
Your script makes a few assumptions that are not borne out in the review of the LDAP Schema, they are as follows:

1) Lawson objects are users
2) Lawson objects are defined by exactly one well defined objectClass
3) Values from SSO (aka Identities) are stored as attributes on the main 'people' object

To help you correct them in this post would be longer than most readers would bear, so feel free to contact me off-line.

Kwane
505-433-RSGI

This is my most recent attempt. Added more ObjectClasses, The SSO part of the code works, but the creating the user still causes issues. With the addition of the lwsnrmbootRMTopStruct objClasss it now throws a 0x80072014 - Did not satistfy one or more constraints.  I am referencing a ldif file that was used to migrate users to a new server. So I should be hitting all the constraints.

dn: cn=10041,ou=resources,o=lwsnrmdata,o=lawprod9
changetype: add
objectclass: top
objectclass: zzlwsnobjPeople
objectclass: zzlwsnobjlwsnRMResource
objectclass: lwsnrmbootRMTopStruct
zzlwsnattrPortalAdmin: NO
zzlwsnattrUTZOFFSET: 0
zzlwsnattrAccess: N
zzlwsnattrSLDTOBS: TRUE
zzlwsnattrGroup: Employee
zzlwsnattrGroup: Handbook1
zzlwsnattrWKDAYEXPR: (d>0&&d<6)
zzlwsnattrFirstName: Stephanie
zzlwsnattrName: Stephanie St.Claire
zzlwsnattrPortalRole: default.xml
zzlwsnattrProductLine: PROD
zzlwsnattrAllowJobQueue: Y
zzlwsnattrWFUser: 0
zzlwsnattrOLEDBC: ALLOW
zzlwsnattrAddins: DENY
zzlwsnattrSLDTFUNC: usLDT
zzlwsnattrULDTOBS: TRUE
zzlwsnattrULDTFUNC: usLDT
cn: 10041
zzlwsnattrCheckLS: NO
zzlwsnattrLastName: St.Claire