Adding a user to AD LDS (ADAM) with Java and LDAP
24-05-2021
Question
EDIT4: I got my application to write the user to the Active Directory, but the Active Directory complains when I try to enable the user.
Previous messages
I'm trying to add a user to my local Active Directory (with AD LDS) by using Java (1.4) and LDAP. However, I keep getting the following error:
javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - 0000207B : UpdErr: DSID-030511CF, problem 6002 (OBJ_CLASS_VIOLATION), data 0 ]; remaining name 'CN=Test user,OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE'
My code:
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AddUser {
    public static void main(String[] args) {
        try {
            DirContext ctx = new InitialDirContext(X_Ldap.getEnvironment());
            user usr = new user("Test user", "FALSE");
            // Hand the attribute set to createSubcontext instead of binding a
            // half-implemented DirContext object (which never exposed its attributes)
            ctx.createSubcontext(
                "CN=Test user,OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE", usr.getAttributes());
            // X_Ldap.checkIfUserExists("Test User");
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}

// Simple holder for the attributes of the new entry
class user {
    String type;
    Attributes attr;

    /**
     * @param username  value used for the comment attribute and toString()
     * @param isDisabled TRUE or FALSE (literally)
     */
    public user(String username, String isDisabled) {
        type = username; // the original "String type = username;" shadowed the field
        attr = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectclass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        // memberOf is a back-link the directory maintains from the group's "member"
        // attribute; it is not writable on the user entry itself
        Attribute memberOf = new BasicAttribute("memberOf");
        memberOf.add("CN=Users,CN=Roles,DC=PORTAL,DC=COMPANY,DC=BE");
        attr.put(oc);
        attr.put("msDS-UserAccountDisabled", isDisabled);
        attr.put(memberOf);
        attr.put("comment", username);
    }

    public Attributes getAttributes() {
        return attr;
    }

    public String toString() {
        return type;
    }
}
EDIT: I checked one of my user objects for mandatory attributes, but I'm not sure what I should fill in for all of them:
cn: Jane Doe -- Unicode string
instanceType: 0x4 = (WRITE) -- Integer
objectCategory: CN=Person,CN=Schema,CN=Configuration,CN={EDBEACA1-6F60-413C-80F2-6C5CE265F22F} -- Distinguished Name
objectClass: top; person; organizationalPerson; user -- Object Identifier
objectSid: S-1-372665300-2234744891-519896106-1336725265-1748609191-3385095770 -- SID
EDIT2: My current code:
import java.io.IOException;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class newuser {
    public static void main(String[] args) {
        String userName = "cn=Albert Einstein,ou=Accounts,DC=PORTAL,DC=COMPANY,DC=BE";
        // String groupName = "cn=Users,cn=Roles,DC=PORTAL,DC=COMPANY,DC=BE";
        try {
            // Create the initial directory context
            System.out.println("Creating initial directory context...");
            LdapContext ctx = new InitialLdapContext(X_Ldap.getEnvironment(), null);
            // Create attributes to be associated with the new user
            Attributes attrs = new BasicAttributes(true);
            // some useful constants from lmaccess.h (userAccountControl bit flags;
            // kept for reference, AD LDS does not expose userAccountControl, see EDIT 3)
            int UF_ACCOUNTDISABLE = 0x0002;
            int UF_PASSWD_NOTREQD = 0x0020;
            int UF_PASSWD_CANT_CHANGE = 0x0040;
            int UF_NORMAL_ACCOUNT = 0x0200;
            int UF_DONT_EXPIRE_PASSWD = 0x10000;
            int UF_PASSWORD_EXPIRED = 0x800000;
            attrs.put("objectClass", "user");
            attrs.put("cn", "Albert Einstein");
            // These are some optional (but useful) attributes
            attrs.put("givenName", "Albert");
            attrs.put("sn", "Einstein");
            attrs.put("displayName", "Albert Einstein");
            attrs.put("description", "Research Scientist");
            attrs.put("userPrincipalName", "AlbertE@antipodes.com");
            attrs.put("mail", "relativity@antipodes.com");
            attrs.put("telephoneNumber", "999 123 4567");
            // The directory expects the password as a UTF-16LE encoded, double-quoted
            // string; Java's canonical charset name is "UTF-16LE" ("UTF-16" adds a BOM)
            String newQuotedPassword = "\"Pass123\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16LE");
            attrs.put("unicodePwd", newUnicodePassword);
            // msDS-User-Account-Control-Computed is a read-only constructed attribute;
            // on AD LDS the writable disable flag is msDS-UserAccountDisabled (see EDIT 3)
            attrs.put("msDS-UserAccountDisabled", "FALSE");
            // Create the context
            System.out.println("Creating context...");
            ctx.createSubcontext(userName, attrs);
            ctx.close();
            System.out.println("Successfully created User: " + userName);
        } catch (NamingException e) {
            System.err.println("Problem creating object: " + e);
        } catch (IOException e) {
            // getBytes(String) throws UnsupportedEncodingException, an IOException
            System.err.println("Problem creating object: " + e);
        }
    }
}
I still have the following problem:
String newQuotedPassword = "\"Pass123\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16");
attrs.put("unicodePwd", newUnicodePassword);
gives me the following exception:
Creating initial directory context... Problem creating object: java.io.UnsupportedEncodingException: UTF16LE
Note: I disabled the SSL requirement for changing the password.
EDIT 3: Apparently "User Account Control" is not supported by AD LDS and is split up into a number of different attributes.
The solution
You could perhaps have a look at Using JAVA code with Active Directory, especially Creating new users & demystifying userAccountControl.
For me, you forgot the "CN" attribute.
Other tips
Check your schema documentation for which attributes are allowed and required for the person, user, and organizationalPerson object classes. Ensure that the entry the code is trying to add has all the attributes that are required, and only attributes that are allowed or required.
Here is some know-how I learned while developing a user account management application (ASP.NET) for Active Directory 2008:
You should fill in sAMAccountName or userPrincipalName.
The account remains disabled until you set a password for it that complies with the domain password policies.
Any password-related operations need to be done over a secure connection.
When creating an account, open the context of the OU where you want to create the user object. Then call the method to add it.
Read this document: http://msdn.microsoft.com/en-us/magazine/cc135979.aspx
(I know, it is for .NET, but it is very, very similar to the Java LDAP API.)
Hope this helps you.
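The four points in this answer, carried through as one JNDI program. This is an added example, not code from the question or from any answer: it binds to the Accounts OU over ldaps://, creates the entry with a userPrincipalName and msDS-UserAccountDisabled=TRUE, sets unicodePwd as a UTF-16LE quoted string, and only then flips the flag to FALSE. The host, port, bind account, OU and password values are placeholders you must replace; raw collections are used so it also compiles on the Java 1.4 mentioned in the question.

```java
import java.io.UnsupportedEncodingException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class CreateAdLdsUser {

    // Assumed values: replace with your own AD LDS instance, provisioning account and OU
    static final String LDAPS_URL = "ldaps://adlds.example.test:50636";
    static final String BIND_DN = "CN=Provisioning,OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE";
    static final String BIND_PASSWORD = "<provisioning-account-password>";
    static final String ACCOUNTS_OU = "OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE";

    public static void main(String[] args) throws Exception {
        LdapContext ou = connectToOu();
        try {
            String rdn = createDisabledUser(ou, "Albert Einstein", "aeinstein@portal.company.be");
            setPassword(ou, rdn, "<initial-password-meeting-policy>");
            enableUser(ou, rdn);
            System.out.println("Created and enabled " + rdn + "," + ACCOUNTS_OU);
        } finally {
            ou.close();
        }
    }

    // Tip 4: bind directly to the OU so new entries are created relative to it
    static LdapContext connectToOu() throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Tip 3: ldaps:// so unicodePwd travels under TLS; the directory refuses
        // password writes on a cleartext connection unless that check is disabled
        env.put(Context.PROVIDER_URL, LDAPS_URL + "/" + ACCOUNTS_OU);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, BIND_PASSWORD);
        return new InitialLdapContext(env, null);
    }

    // Tip 1: create the entry with its object class chain and a userPrincipalName;
    // it starts disabled (Tip 2) because no password exists yet
    static String createDisabledUser(DirContext ou, String cn, String upn) throws NamingException {
        Attributes attrs = new BasicAttributes(true);
        BasicAttribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        attrs.put(oc);
        attrs.put("cn", cn);
        attrs.put("userPrincipalName", upn);
        attrs.put("msDS-UserAccountDisabled", "TRUE");
        String rdn = "CN=" + escapeRdnValue(cn);
        ou.createSubcontext(rdn, attrs).close();
        return rdn;
    }

    // Tip 2: the password is written as a UTF-16LE encoded, double-quoted string via REPLACE
    static void setPassword(DirContext ou, String rdn, String password)
            throws NamingException, UnsupportedEncodingException {
        byte[] pwd = ("\"" + password + "\"").getBytes("UTF-16LE");
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("unicodePwd", pwd))
        };
        ou.modifyAttributes(rdn, mods);
    }

    // Enabling only succeeds once a policy-compliant password is in place
    static void enableUser(DirContext ou, String rdn) throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("msDS-UserAccountDisabled", "FALSE"))
        };
        ou.modifyAttributes(rdn, mods);
    }

    // RFC 4514 escaping so a display name containing ',' '+' '"' '\' '<' '>' ';'
    // (or a leading '#' / leading or trailing space) cannot alter the DN structure
    static String escapeRdnValue(String value) {
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean special = ",+\"\\<>;".indexOf(c) >= 0
                || (c == '#' && i == 0)
                || (c == ' ' && (i == 0 || i == value.length() - 1));
            if (special) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }
}
```

The three writes are deliberately separate operations: if the password is rejected by policy the entry stays disabled rather than half-configured, and the RDN escaping keeps a user-supplied name from injecting extra DN components.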
An object class schema violation means that one or more required attributes are missing from the object that you are trying to create. So you need to look at the schemas for top, person, organizationalPerson, and user and ensure that you are setting all of the attributes that are required.
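To act on this answer without reading schema documentation by hand, the directory can be asked directly. The following is an added example (not code from the question or from any answer) that uses JNDI's schema tree, where each ClassDefinition/<name> entry carries MUST and MAY attributes, to merge the required and allowed attribute sets across top, person, organizationalPerson and user, and then compares them with the attributes the question's first snippet tried to write. The URL, reader account and the "planned" attribute list are assumptions.

```java
import java.util.Arrays;
import java.util.Hashtable;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SchemaCheck {

    // Assumed connection details for the AD LDS instance; replace with your own
    static final String LDAP_URL = "ldap://adlds.example.test:389/DC=PORTAL,DC=COMPANY,DC=BE";
    static final String BIND_DN = "CN=Reader,OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE";
    static final String BIND_PASSWORD = "<reader-password>";

    public static void main(String[] args) throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, BIND_PASSWORD);
        DirContext ctx = new InitialDirContext(env);
        try {
            String[] classes = { "top", "person", "organizationalPerson", "user" };
            Set required = new LinkedHashSet();
            Set allowed = new LinkedHashSet();
            collectSchema(ctx, classes, required, allowed);

            // Constructed input: the attributes the question's first snippet supplied
            Set planned = lower(new String[] {
                "objectClass", "msDS-UserAccountDisabled", "memberOf", "comment" });
            System.out.println("MUST for " + Arrays.asList(classes) + ": " + required);
            System.out.println("Missing required: " + missingRequired(required, planned));
            System.out.println("Not allowed by schema: " + notAllowed(required, allowed, planned));
        } finally {
            ctx.close();
        }
    }

    // Reads the subschema published by the server and merges MUST/MAY of each class
    // (attribute names lower-cased so comparisons are case-insensitive, as in LDAP)
    static void collectSchema(DirContext ctx, String[] classes, Set required, Set allowed)
            throws NamingException {
        DirContext schema = ctx.getSchema("");
        for (int i = 0; i < classes.length; i++) {
            Attributes def = schema.getAttributes("ClassDefinition/" + classes[i]);
            addAll(required, def.get("MUST"));
            addAll(allowed, def.get("MAY"));
        }
    }

    static void addAll(Set target, Attribute attr) throws NamingException {
        if (attr == null) return;
        for (NamingEnumeration e = attr.getAll(); e.hasMore();) {
            target.add(((String) e.next()).toLowerCase());
        }
    }

    static Set lower(String[] names) {
        Set s = new LinkedHashSet();
        for (int i = 0; i < names.length; i++) s.add(names[i].toLowerCase());
        return s;
    }

    // MUST attributes that the planned entry does not supply
    static Set missingRequired(Set required, Set planned) {
        Set missing = new LinkedHashSet(required);
        missing.removeAll(planned);
        return missing;
    }

    // Planned attributes that are neither MUST nor MAY for any class in the chain
    static Set notAllowed(Set required, Set allowed, Set planned) {
        Set extra = new LinkedHashSet(planned);
        extra.removeAll(required);
        extra.removeAll(allowed);
        return extra;
    }
}
```

Read the "missing" list with the question's own mandatory-attribute listing in mind: the MUST set of top includes values the directory populates itself on create (instanceType, objectCategory, nTSecurityDescriptor, and objectSid for security principals), so those showing up as missing is expected; what matters is any remaining name such as cn, plus anything reported as not allowed.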