java让ldap用户组新增新属性,Java LDAP-将组添加到用户问题-错误代码53-WILL_NOT_PERFORM...

I am trying to add an user into Active Directory.

Having in mind:

Using SSL

Certificate ok

Password works fine

With out group association, the user is correctly created.

When I try to associate the user to a group I get the following error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0

I have used the DN and NAME group attributes but none worked.

My code is:

ctx = getContext();

ctx.createSubcontext(entryDN,entry); // it works fine

Attribute memberOf1 = new BasicAttribute("memberOf","NAME_OF_THE_GROUP");

Attributes atts = new BasicAttributes();

atts.put(memberOf1);

ctx.modifyAttributes(entryDN, LdapContext.ADD_ATTRIBUTE, atts); // ## it doesn't work

I tried LdapContext.ADD_ATTRIBUTE and LdapContext.REPLACE_ATTRIBUTE.

Also, I tried to add the group with the other attributes but all situation gave me the same error.

Does anyone have any idea what is going on?

Cheers!

解决方案

memberOf is a constructed attribute. You have to add the user to the group's member property, not add the group to the user's memberOf property.

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
在AD中创建用户并将用户加入到AD组中,可以使用JavaLDAP技术来实现。以下是一个示例代码: ```java import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.NamingException; import javax.naming.directory.*; import java.util.Hashtable; public class LDAPExample { public static void main(String[] args) { // LDAP连接信息 String ldapUrl = "ldap://your-ldap-server:389"; String ldapUsername = "your-ldap-username"; // 可以为空,如果匿名访问 String ldapPassword = "your-ldap-password"; // 可以为空,如果匿名访问 String ldapBaseDn = "DC=your-domain,DC=com"; // 用户信息 String username = "new-user"; String password = "new-password"; // 组信息 String groupName = "new-group"; // LDAP属性设置 Hashtable<String, Object> env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, ldapUrl); if (ldapUsername != null && !ldapUsername.isEmpty()) { env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.SECURITY_PRINCIPAL, ldapUsername); env.put(Context.SECURITY_CREDENTIALS, ldapPassword); } try { // 连接LDAP服务器 DirContext context = new InitialDirContext(env); // 创建用户 Attributes userAttrs = new BasicAttributes(); userAttrs.put("objectClass", "user"); userAttrs.put("sAMAccountName", username); userAttrs.put("userPrincipalName", username + "@" + ldapBaseDn); userAttrs.put("userAccountControl", Integer.toString(512)); // 启用账户 userAttrs.put("unicodePwd", password.getBytes("UTF-16LE")); context.createSubcontext("CN=" + username + "," + ldapBaseDn, userAttrs); // 创建组 Attributes groupAttrs = new BasicAttributes(); groupAttrs.put("objectClass", "group"); groupAttrs.put("sAMAccountName", groupName); context.createSubcontext("CN=" + groupName + "," + ldapBaseDn, groupAttrs); // 将用户加入组中 ModificationItem[] mods = new ModificationItem[1]; mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", "CN=" + username + "," + ldapBaseDn)); context.modifyAttributes("CN=" + groupName + "," + ldapBaseDn, mods); System.out.println("User " + username + " added to group " + groupName); // 关闭LDAP连接 context.close(); } catch (NamingException e) { e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } } } ``` 注意:需要替换代码中的 LDAP连接信息、用户信息和组信息为实际的值。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值