AD creating directReports
Hi All,
does anybody know anything about the attribute "directReports"?
i need to create this attribute for a perticular user. How can i do it?
Its very urgent to me.
one more thing. is it "manager" and "managedBy" are similar or not?
If not, let me know the difference between them.
i think manager is user specific attribute and managedBy is group specific attribute. is it right?
I am able to create manager attribute but i am failed to create managedBy.
can any one please give some directions. i am just googling about this. I didn't get right information.
Thanks in advance
[641 byte] By [
jt_mka] at [2007-11-26 15:14:10]
# 1
The two attributes you are interested in are directReports and manager.
They operate in a similar way as member & memberOf, in that they are linked attributes, and automagically maintain their referential integrity if users are moved, renamed or deleted. You update the manager attribute, not the directReports attribute.
BTW, the managedBy attribute is unrelated to any of this, its intent is to identify the "owner" of this object in the directory, . Eg. The user or group who are responsible for creating, deleting or modifying this object. Also the managedBy attribute is unrelated to the "owner" identified in the object's Access Control List (ACL).
There is some sample code for adding a manager in the post titled "JNDI, Active Directory and LDAP Extended COntrols (LDAP Stats, Verify Name)" available at
http://forum.java.sun.com/thread.jspa?threadID=5117992&tstart=0
Note that this sample is a little more complicated because it deals with an interesting cross domain problem. You just need to remove the LDAP Controls stuff and name the manager & direct reports objects accordingly.
Good luck
# 2
Thanks for explanation. It makes sense to me.
Now I am trying create managedBy attribute for a user. But i am getting exception like this
Problem adding managedBy Attrinute: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - 0000207D: UpdErr: DSID-03150F9C, problem 6002 (OBJ_CLASS_VIOLATION), data 0
remaining name 'CN=aaa,CN=Users,DC=MyDomain,DC=com'
My code is
String UserName = "'CN=aaa,CN=Users,DC=MyDomain,DC=com'";
String ManagedByName = "'CN=bbb,CN=Users,DC=MyDomain,DC=com'";
try {
DirContext ctx = new InitialDirContext(env);
ModificationItem mods[] = new ModificationItem[1];
mods[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("managedBy", ManagedByName));
ctx.modifyAttributes(UserName,mods);
ctx.close();
} catch (NamingException e) {
System.err.println("Problem adding managedBy Attrinute: " + e);
}
Whats wrong with my code..
# 3
You've got it back to front !
It should beString pleb = "CN=aaa,CN=Users,DC=MyDomain,DC=com";
String boss = "CN=bbb,CN=Users,DC=MyDomain,DC=com";
try {
DirContext ctx = new InitialDirContext(env);
ModificationItem mods[] = new ModificationItem[1];
mods[0]= new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("manager", boss));
ctx.modifyAttributes(pleb,mods);
ctx.close();
}
catch (NamingException e) {
System.err.println("Problem adding managedBy Attrinute: " + e);
}
# 4
Apologies, it would help if I really read your post.managedBy (and its corresponding linked attribute managedObjects) is not present on a user object. IIRC it is present on containers, organisationalUnits and groups.
