modifyAttributes doesn't work with relative DN

Hi all,

I am trying to add an account into a group in Active Directory using Java. If I use a full DN, it works. However, it gives an error if I use a relative DN. In my case, I have to use a relative DN. Can someone help me? The relative DN works fine when I use ldapCtx.getAttributes("CN=s3120246,CN=Users", new String[] {"memberOf"}); to get the existing groups the user belongs to.

======== Code uses full DN. This one works

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// Context rooted at the server itself (no base DN in the URL), so every name is a full DN.
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://129.94.154.22:389/");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PRINCIPAL, "username");
LdapContext ldapCtx = new InitialLdapContext(env, null);

// Add the user's full DN to the group's member attribute.
ModificationItem mi[] = new ModificationItem[1];
mi[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", "CN=s3120246,CN=Users,DC=actd,DC=admin,DC=misk,DC=com,DC=au"));
ldapCtx.modifyAttributes("CN=MIST Staff GG All Staff,CN=Users,DC=actd,DC=admin,DC=misk,DC=com,DC=au", mi);

======== Code uses relative DN

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

// Context rooted at the base DN given in the URL, so names are relative to it.
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://129.94.154.22:389/DC=actd,DC=admin,DC=misk,DC=com,DC=au");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.SECURITY_PRINCIPAL, "username");
LdapContext ldapCtx = new InitialLdapContext(env, null);

// Relative DN used both as the member value and as the target name (this is the failing version).
ModificationItem mi[] = new ModificationItem[1];
mi[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", "CN=s3120246,CN=Users"));
ldapCtx.modifyAttributes("CN=MIST Staff GG All Staff,CN=Users", mi);


After executing the code, it gives the following error:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: NameErr: DSID-031A0F80, problem 2001 (NO_OBJECT), data 0, best match of:
''
]; remaining name 'CN=MIST Staff GG All Staff,CN=Users'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2942)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2863)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2669)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1387)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
at au.edu.unsw.bsds.idm.LDAPLookup.addMember(LDAPLookup.java:387)
at au.edu.unsw.bsds.idm.LDAPLookup.main(LDAPLookup.java:94)

Thank you very much

Tara

By tarajana at 2007-11-26 17:43:06
# 1

And the problem is ?

The value of a group's "member" attribute is a fully distinguished name.

It should be quite obvious that using a relative distinguished name is not going to work.

If you can only use a relative DN when searching or retrieving the user object for a subsequent add member operation, either retrieve the user object's distinguishedName attribute and use that, rather than the JNDI name value, or simply concatenate the relative DN and the distinguished name part of the LDAP URL to build a fully distinguished name.

adler_stevena at 2007-7-9 0:11:17
# 2

Thank you so much for pointing out the problem.

Yes, I can set the fully distinguished name for the member operation. The problem is that it won't work if Context.PROVIDER_URL is set to "ldap://129.94.154.22:389/DC=actd,DC=admin,DC=misk,DC=com,DC=au" instead of "ldap://129.94.154.22:389/".

It will throw javax.naming.NameNotFoundException.

I can't set Context.PROVIDER_URL to "ldap://129.94.154.22:389/" because the whole application has the external JNDI resource set to have jndi-lookup-name="dc=actd,dc=admin,dc=misk,dc=com,dc=au".

Here is the jndi resource config:

<external-jndi-resource enabled="true" factory-class="com.sun.jndi.ldap.LdapCtxFactory" jndi-lookup-name="dc=actd,dc=admin,dc=misk,dc=com,dc=au" jndi-name="active_directory_misk" res-type="javax.naming.ldap.LdapContext">
  <description>connect to AD ldap port</description>
  <property name="java.naming.provider.url" value="ldap://129.94.154.22:389"/>
  <property name="java.naming.security.authentication" value="simple"/>
  <property name="java.naming.security.principal" value="Username"/>
  <property name="java.naming.security.credentials" value="password"/>
</external-jndi-resource>

Any suggestion? Please help.

Thank you very much

Tara

tarajana at 2007-7-9 0:11:17
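An added example, not code from the thread or from the poster's application, that puts both suggestions from reply #1 into practice against a context rooted at the base DN, which is the situation reply #2 describes. The base DN, user and group names are the ones from the thread; the host name, the LDAPS port and the environment variables holding the bind credentials are assumptions. The point it demonstrates: JNDI interprets the name argument of getAttributes and modifyAttributes relative to the DN in the provider URL, but attribute values such as member are sent to the server verbatim, so the member value must be a full DN even when the target name stays relative.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AddGroupMember {

    // Base DN from the thread. The context is rooted here, so every *name*
    // handed to the context is resolved relative to it.
    static final String BASE_DN = "DC=actd,DC=admin,DC=misk,DC=com,DC=au";

    // Assumed host: the thread binds over ldap://…:389 with a simple bind, which
    // sends the password in clear text; LDAPS on 636 protects it in transit.
    static final String PROVIDER_URL = "ldaps://ldap.example.test:636/" + BASE_DN;

    static LdapContext connect() throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Assumed environment variables, so the bind secret is not in the source tree.
        env.put(Context.SECURITY_PRINCIPAL, System.getenv("AD_BIND_DN"));
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("AD_BIND_PASSWORD"));
        return new InitialLdapContext(env, null);
    }

    /** Relative DN of a user from a raw account name; escaping stops DN metacharacters
     *  in the input (commas, plus signs, quotes) from changing which object is named. */
    static String relativeUserDn(String accountName) {
        return "CN=" + Rdn.escapeValue(accountName) + ",CN=Users";
    }

    /** Option 1 from reply #1: concatenate the relative DN and the base DN of the URL. */
    static String fullDnByConcatenation(String relativeDn) throws NamingException {
        // LdapName parses both parts, so a malformed relative DN fails here
        // rather than being sent to the server as an unparseable member value.
        LdapName dn = new LdapName(BASE_DN);
        dn.addAll(new LdapName(relativeDn));
        return dn.toString();   // "CN=…,CN=Users,DC=actd,DC=admin,DC=misk,DC=com,DC=au"
    }

    /** Option 2 from reply #1: read the object's own distinguishedName attribute,
     *  using the relative name exactly as the poster's getAttributes call does. */
    static String fullDnFromDirectory(LdapContext ctx, String relativeDn) throws NamingException {
        Attributes attrs = ctx.getAttributes(relativeDn, new String[] { "distinguishedName" });
        Attribute dn = attrs.get("distinguishedName");
        if (dn == null) {
            throw new NamingException("no distinguishedName on " + relativeDn);
        }
        return (String) dn.get();
    }

    /** Target name is relative to the context; the member value is a full DN. */
    static void addMember(LdapContext ctx, String relativeGroupDn, String memberFullDn)
            throws NamingException {
        ModificationItem[] mods = new ModificationItem[] {
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", memberFullDn))
        };
        ctx.modifyAttributes(relativeGroupDn, mods);
    }

    public static void main(String[] args) throws NamingException {
        String userRdn = relativeUserDn("s3120246");
        String groupRdn = "CN=MIST Staff GG All Staff,CN=Users";
        LdapContext ctx = connect();
        try {
            String memberDn = fullDnFromDirectory(ctx, userRdn);
            // Same value without the extra round trip: fullDnByConcatenation(userRdn)
            addMember(ctx, groupRdn, memberDn);
        } finally {
            ctx.close();
        }
    }
}
```

Reading the trace in the original post with this split in mind helps: the data field 00000525 is the Windows error ERROR_NO_SUCH_USER, which Active Directory attaches to LDAP result 32 when a DN-valued attribute such as member refers to an object it cannot find, while JNDI puts the target name of the modify into "remaining name". The message therefore looks as if the group were missing when it is the relative member value that did not resolve.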