Well this one was a real pain, but gladly I got it sorted. Google seems to not have many answers on this one.
We where having a problem with the Roles driver in Novell IDM. It was giving the error:
-628 ERR_OBJECT_CLASS_VIOLATION
I did a schema compare with another eDirectory Tree and found a problem with nrfIdentity class, it was neither an effective class nor an aux class.
I deleted the class and re-imported the schema with the command:
ndssch admin.iam nrf-extensions.sch
and this seemed to fix the problem.
Not often you see schema problems in eDirectory but this was nasty. When doing a schema update during the install it just kept saying the schema was 100%.
Hope this proves helpfully, sadly Google will have to try better next time.