|Applies To||RSA ClearTrust 5.5 Entitlements Manager (Admin GUI)|
Novell eDirectory 8.1.7
|Issue||Error: "NDS error: no additional information available (-306) [Invalid syntax]" when trying to update a Boolean User Property through RSA ClearTrust Entitlements Manager|
Boolean properties used internally by RSA ClearTrust Entitlement Server should not be confused with native LDAP Boolean type. Usually, it is recommended to use a String LDAP types when storing a ClearTrust boolean property value rather than a Boolean LDAP type. ClearTrust uses the string data type for various attribute by design due to the inconsistently in various LDAP servers.
A syntax Error is returned by the eDirectory LDAP server when ClearTrust Entitlements Server attempts to store a Boolean user property in a native LDAP Boolean field. This is caused by the ClearTrust Entitlements Server saving Boolean property types, along with other property types as String types in the backend datastore. eDirectory is not able to handle this format. NOTE For boolean types, the string of "1" or "0" is stored.
|Resolution||This issue is resolved in hot fix 220.127.116.11_RFE for RSA ClearTrust Servers, which adds support for mapping ClearTrust Boolean User Properties to eDirectory based Boolean type attributes. Contact RSA Security Customer Support to request this hot fix, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).|
NOTE: The following 2 new ldap.conf parameters were introduced in hot fix 18.104.22.168:
For more details, see the documentation included with hot fix 22.214.171.124.
|Workaround||RSA ClearTrust Boolean type User Property was mapped to a eDirectory native attribute of type Boolean|
|Legacy Article ID||a22860|