Java-LDAP：属性为只读

Question

I am using UnboundID-LDAPSDK (2.3.8) to change the user's photo in our Microsoft Active Directory.

LDAPConnection ldap = null;
        try {
            ldap = new LDAPConnection("domain-srv", 389, "CN=admin,OU=Users,OU=ADM,DC=domain,DC=local", "password");
            SearchResult sr = ldap.search("DC=domain,DC=local", SearchScope.SUB, "(sAMAccountName=" + getUser().getUsername() + ")");
            if (sr.getEntryCount() == 1) {
                SearchResultEntry entry = sr.getSearchEntries().get(0);
                entry.setAttribute("thumbnailPhoto", getUser().getPhotoAsByteArray());

                ldap.close();
                return true;
            } else
                return false;

        } catch (LDAPException e) {
            e.printStackTrace();
        }

But I get a java.lang.UnsupportedOperationException.

The documentation for setAttribute states:

Throws an UnsupportedOperationException to indicate that this is a read-only entry.

I also tried to change the postalCode but I get the same exception.

Changing those attributes should be possible, because I can change them with jXplorer.

Do I have to enable a write-mode somehow?

Thank you

Answer 1

The SearchResultEntry object extends ReadOnlyEntry and is therefore immutable. But even if it weren't, merely calling entry.setAttribute would have no effect on the data in the server. You have to use a modify operation for that.

To do that, you'd need something like:

 ModifyRequest modifyRequest = new ModifyRequest(entry.getDN(),
      new Modification(ModificationType.REPLACE,
           "thumbnailPhoto", getUser().getPhotoAsByteArray());
 ldap.modify(modifyRequest);

Also, you should put the call to ldap.close() in a finally block because as the code is written now, you're only closing the connection if the search is successful and returns exactly one entry, but not if the search fails, doesn't match any entries, or the attempt to perform the modify fails.