How to enable user via LDAP in AD?
In my program (jldap-based) I am trying to enable a user in AD by setting the userAccountControl value to 512. The user is created with the following attributes:
objectClass=user
cn=username
name=username
userAccountControl=512
userPassword={BASE64}<base64 encoded password>
sAMAccountName=username
distinguishedName=username,CN=Users,DC=company,DC=com
But I get an exception:
LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0
Maybe somebody can tell me where I'm making an error? Maybe I forgot some required attribute?
EDIT:
My code (it is trivial and I think there are no errors in it):
LDAPConnection connection;
LDAPMessageQueue messageQueue;
...
LDAPAttributeSet attributes = new LDAPAttributeSet();
attributes.add(new LDAPAttribute("objectClass", "user"));
attributes.add(new LDAPAttribute("cn", "username"));
attributes.add(new LDAPAttribute("name", "username"));
attributes.add(new LDAPAttribute("userAccountControl", "512"));
attributes.add(new LDAPAttribute("userPassword", "{BASE64}<base64 encoded password>"));
attributes.add(new LDAPAttribute("sAMAccountName", "username"));
attributes.add(new LDAPAttribute("distinguishedName", "username,CN=Users,DC=company,DC=com"));
LDAPEntry entry = new LDAPEntry("CN=username,CN=Users,DC=company,DC=com", attributes);
connection.add(entry);
This error can arise when the password is not correctly encoded. Make sure it's a Base64 encoded UTF-16LE string.
Example (if you are using Oracle JVM):
String pass = "password";
sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
String encoded = enc.encode(pass.getBytes("UTF-16LE"));
UPDATE 1: Have you tried running your code without the userAccountControl attribute (to rule in or out that it's actually that attribute that is causing problems)?
I noticed that your distinguished name attribute looks a bit strange, as well. It should probably look something like CN=username,OU=Users,DC=company,DC=com.
UPDATE 2: see Adding a user with a password in Active Directory LDAP. WILL_NOT_PERFORM can be returned if you are trying to set a password for an entry (which you are, since you're creating it) over a non-SSL connection. You need to make sure you are connecting to the AD server over SSL (and set up certificates as required).
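
The approach UPDATE 2 points to, as an added example that is not part of the original posts: create the account over LDAPS with JLDAP and supply the password in the same add request, so that userAccountControl=512 is set on an account that already has a password. It uses AD's unicodePwd attribute (the password in double quotes, as raw UTF-16LE bytes) in place of the userPassword value shown in the question; the host name, bind DN and command-line arguments are assumptions.

```java
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import java.nio.charset.StandardCharsets;

public class CreateEnabledAdUser {
    // unicodePwd takes the password wrapped in double quotes, as raw UTF-16LE bytes.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Assumes cn contains no characters that need escaping in a DN.
    static LDAPEntry buildUser(String cn, String container, String password) {
        LDAPAttributeSet attrs = new LDAPAttributeSet();
        attrs.add(new LDAPAttribute("objectClass", "user"));
        attrs.add(new LDAPAttribute("cn", cn));
        attrs.add(new LDAPAttribute("sAMAccountName", cn));
        attrs.add(new LDAPAttribute("unicodePwd", encodeUnicodePwd(password)));
        attrs.add(new LDAPAttribute("userAccountControl", "512")); // normal, enabled account
        return new LDAPEntry("CN=" + cn + "," + container, attrs);
    }

    // Usage (hypothetical): java CreateEnabledAdUser <bindPassword> <newUserPassword>
    public static void main(String[] args) throws LDAPException {
        String host = "dc01.company.com";                                 // constructed value
        String bindDn = "CN=provisioner,CN=Users,DC=company,DC=com";      // constructed value
        byte[] bindPw = args[0].getBytes(StandardCharsets.UTF_8);

        // The JSSE factory uses the JVM's default trust store, so the DC's
        // issuing CA has to be trusted there for the TLS handshake to succeed.
        LDAPConnection conn = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            conn.connect(host, 636);                                      // LDAPS, not 389
            conn.bind(LDAPConnection.LDAP_V3, bindDn, bindPw);
            conn.add(buildUser("username", "CN=Users,DC=company,DC=com", args[1]));
        } catch (LDAPException e) {
            if (e.getResultCode() == LDAPException.UNWILLING_TO_PERFORM) {
                // The server message carries the AD-specific code, as in the question.
                System.err.println("AD refused the add: " + e.getLDAPErrorMessage());
            }
            throw e;
        } finally {
            if (conn.isConnected()) conn.disconnect();
        }
    }
}
```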