Adding a User to AD using JNDI
Hello,
I am trying to add a user to AD using the sample code below. However, I keep getting the following error.:
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece
// sample codee:
BasicAttributes attrs = new BasicAttributes();
BasicAttribute ocs = new BasicAttribute("objectclass");
ocs.add("top");
ocs.add("person");
ocs.add("organizationalPerson");
ocs.add("user");
attrs.put(ocs);
BasicAttribute gn = new BasicAttribute("givenName", "test1");
attrs.put(gn);
BasicAttribute sn = new BasicAttribute("sn", "");
attrs.put(sn);
BasicAttribute cn = new BasicAttribute("cn", "test1");
attrs.put(cn);
BasicAttribute uac = new BasicAttribute("userAccountControl", "66048");
attrs.put(uac);
BasicAttribute sam = new BasicAttribute("sAMAccountName", "test1");
attrs.put(sam);
BasicAttribute disName = new BasicAttribute("displayName", "test1");
attrs.put(disName);
BasicAttribute userPrincipalName = new BasicAttribute("userPrincipalName", "test1@tfg.thefiengroup.com");
attrs.put(userPrincipalName);
BasicAttribute instanceType = new BasicAttribute("instanceType", "4");
attrs.put(instanceType);
ctxDC.createSubcontext("CN=test1,CN=Users,DC=Diamelle,DC=local", attrs);
ctxDC.close();
Any ideas as to where the problem may lie?
thanks for your help.
[1554 byte] By [
shah70a] at [2007-10-3 4:56:48]
BasicAttribute sn = new BasicAttribute("sn", "");
is the culprit
Adding an attribute with no value, is equivalent to deleting the value from the attribute.
And because the object hasn't been created yet, and consequently does not have a value for that attribute, you can't delete a value for that attribute.
I can't remember whether this behaviour is due to the the LDAP protocol or whether it is due to the AD implementation.
Thanks. Adding a value for the sn attribute removes that error.
Now I am getting the following:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
Could it be that my ctxDC.createSubcontext("CN=test1,CN=Users,DC=Diamelle,DC=local", attrs); values are wrong? if so, how do I find the correct values? I am a little new working with ldap.
Thanks again for your help.
Thanks Tony.
I used the following code to create the password string, but I get the same error. Does this need to be over ssl? If so, are the any suggestions on creating and installing the cert for AD?
public static String encodePassword(String pass) throws UnsupportedEncodingException
{
sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
final String ATT_ENCODING = "Unicode";
// Agree with MS's ATTRIBUTE_CONSTRAINT
String pwd = "\"" + pass +"\"";
byte _bytes[] = pwd.getBytes(ATT_ENCODING);
// strip unicode marker
byte bytes[] = new byte [_bytes.length - 2];
System.arraycopy(_bytes, 2, bytes, 0,_bytes.length - 2);
String base64 = encoder.encode(bytes);
System.out.println(base64);
return base64;
}
Thanks for your help
Have a look at JNDI, Active Directory (Creating new users & demystifying userAccountControl)
http://forum.java.sun.com/thread.jspa?threadID=582103&tstart=15
and
JNDI, Active Directory & Changing Passwords
http://forum.java.sun.com/thread.jspa?threadID=592611&tstart=50
Should answer most of your questions.
