堆栈内存溢出
  简体   繁体   English

如何在AD中通过LDAP启用用户?

[英]How to enable user via LDAP in AD?

 原文  2011-08-23 08:04:42       java/ active-directory/ ldap

问题描述

In my program (jldap-based) I trying to enable user in AD by setting userAccountControl value to 512. User created with following attributes: 在我的程序(基于jldap)中,我尝试通过将userAccountControl值设置为512来启用AD中的用户。使用以下属性创建的用户: 

objectClass=user
cn=username
name=username
userAccountControl=512
userPassword={BASE64}<base64 encoded password>
sAMAccountName=username
distinguishedName=username,CN=Users,DC=company,DC=com

But I get exception: 但我得到例外: 

LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

May be anybody can tell me where I'm making an error? 可能有人能告诉我我在哪里犯了错误吗? Maybe I forgot some required attribute? 也许我忘了一些必要的属性?

EDIT: 编辑:

My code (It is trivial and I think that no errors in it): 我的代码(这是微不足道的,我认为它没有错误): 

LDAPConnection connection;
LDAPMessageQueue messageQueue;
...
LDAPAttributeSet attributes = new LDAPAttributeSet();
attributes.add(new LDAPAttribute("objectClass", "user"));
attributes.add(new LDAPAttribute("cn", "username"));
attributes.add(new LDAPAttribute("name", "username"));
attributes.add(new LDAPAttribute("userAccountControl", "512"));
attributes.add(new LDAPAttribute("userPassword", "{BASE64}<base64 encoded password>"));
attributes.add(new LDAPAttribute("sAMAccountName", "username"));
attributes.add(new LDAPAttribute("distinguishedName", "username,CN=Users,DC=company,DC=com"));

LDAPEntry entry = new LDAPEntry("CN=username,CN=Users,DC=company,DC=com", attributes);
connection.add(entry);

1 个解决方案

解决方案1
 4 已采纳  2011-08-23 08:46:18

This error can arise when the password is not correctly encoded. 密码未正确编码时可能会出现此错误。 Make sure it's a Base64 encoded UTF-16LE string. 确保它是Base64编码的UTF-16LE字符串。

Example (if you are using Oracle JVM) 示例(如果您使用的是Oracle JVM) 

String pass = "password";
sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
String encoded = enc.encode(pass.getBytes("UTF-16LE"));

UPDATE 1: Have you tried running your code without the userAccountControl attribute (to rule in or out that it's actually that attribute that is causing problems)? 更新1:您是否尝试在没有userAccountControl属性的情况下运行代码(为了规则或者说它实际上是导致问题的属性)?

I noticed that your distinguished name attribute looks a bit strange, as well. 我注意到你的专有名称属性看起来有点奇怪。 It should probably look something like CN=username,OU=Users,DC=company,DC=com . 它应该看起来像CN=username,OU=Users,DC=company,DC=com

UPDATE 2: see Adding a user with a password in Active Directory LDAP . 更新2:请参阅在Active Directory LDAP中添加具有密码的用户 WILL_NOT_PERFORM can be returned if you are trying to set password for an entry (which you are, since you're creating it) over a non-SSL connection. 如果您尝试通过非SSL连接为条目设置密码(因为您正在创建密码),则可以返回WILL_NOT_PERFORM。 You need to make sure you are connecting to the AD server over SSL (and set up certificates as required). 您需要确保通过SSL连接到AD服务器(并根据需要设置证书)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 尝试通过LDAP启用用户时出现WILL_NOT_PERFORM错误 - Getting WILL_NOT_PERFORM error when trying to enable user via LDAP 如何在Java中通过LDAP获取AD组的所有成员 - How to get all members of AD group via LDAP in Java LDAP:如何在 JAVA 中从多个 AD 组中检索用户数据 - LDAP: How to retrieve user data from multiple AD groups in JAVA 如何将AD组映射到用户角色Spring Security LDAP - How to Map AD Groups to User Role Spring Security LDAP LDAP / AD - 如何确定用户名或密码是否不匹配 - LDAP/AD - How to determine whether user name or password is mismatch 使用Java和LDAP将用户添加到AD LDS(ADAM) - Adding a user to AD LDS (ADAM) with Java and LDAP AD通过LDAP - 如何从查询中返回所有祖先组? - AD via LDAP - How can I return all ancestor groups from a query? 如何在CQ 6中通过LDAP通过目录对用户进行身份验证 - How to authenticate user against directory via LDAP in CQ 6 使用LDAP / Java启用Active Directory用户 - Enable an Active Directory user with LDAP/Java 如何使用Spring LDAP模板连接到AWS Simple AD LDAP - How to connect to AWS Simple AD LDAP using Spring LDAP Template
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM