
Adding a user to AD LDS (ADAM) with Java and LDAP

EDIT4: Got my application to write the user to the Active Directory, but the Active Directory complains when I try to enable the user.



Previous messages


I'm trying to add a user to my local Active Directory (with AD LDS) by using Java (1.4) and LDAP. However, I keep getting the following error:

javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - 0000207B : UpdErr: DSID-030511CF, problem 6002 (OBJ_CLASS_VIOLATION), data 0 ]; remaining name 'CN=Test user,OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE'

My code:

import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

class AddUser {
    public static void main(String[] args) {
        try {
            // X_Ldap is the poster's own helper that builds the JNDI environment
            DirContext ctx = new InitialDirContext(X_Ldap.getEnvironment());
            user usr = new user("Test user", "FALSE");

            ctx.bind("CN=Test user,OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE", usr);

            // X_Ldap.checkIfUserExists("Test User");
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}

public class user implements DirContext {
    String type;
    Attributes attrs; // attributes handed to the LDAP provider when this object is bound

    /**
     * @param username   stored in the comment attribute
     * @param isDisabled TRUE or FALSE (literally), the value of msDS-UserAccountDisabled
     */
    public user(String username, String isDisabled) {
        type = username; // assigns the field (the original declared a local that shadowed it)

        Attributes attr = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectclass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        Attribute memberOf = new BasicAttribute("memberOf");
        memberOf.add("CN=Users,CN=Roles,DC=PORTAL,DC=COMPANY,DC=BE");

        attr.put(oc);
        attr.put("msDS-UserAccountDisabled", isDisabled);
        attr.put(memberOf);

        attr.put("comment", username);
        this.attrs = attr;
    }

    // The JNDI LDAP provider calls getAttributes("") on a bound DirContext
    // object to obtain the attributes of the entry it creates.
    public Attributes getAttributes(String name) throws NamingException {
        return attrs;
    }

    public String toString() {
        return type;
    }

    // the other DirContext methods are not shown in the post
}

edit: I checked one of my user objects for mandatory attributes, but I'm not sure what I should fill in for all of them:

cn: Jane Doe -- Unicode string
instanceType: 0x4 = (WRITE) -- Integer
objectCategory: CN=Person,CN=Schema,CN=Configuration,CN={EDBEACA1-6F60-413C-80F2-6C5CE265F22F} -- Distinguished Name
objectClass: top; person; organizationalPerson; user -- Object Identifier
objectSid: S-1-372665300-2234744891-519896106-1336725265-1748609191-3385095770 -- SID


EDIT2: My current code:

import java.io.IOException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class newuser {
    public static void main(String[] args) {

        String userName = "cn=Albert Einstein,ou=Accounts,DC=PORTAL,DC=COMPANY,DC=BE";
        // String groupName =
        // "cn=Users,cn=Roles,DC=PORTAL,DC=COMPANY,DC=BE";

        try {

            // Create the initial directory context
            System.out.println("Creating initial directory context...");
            LdapContext ctx = new InitialLdapContext(X_Ldap.getEnvironment(), null);

            // Create attributes to be associated with the new user
            Attributes attrs = new BasicAttributes(true);

            // some useful constants from lmaccess.h
            int UF_ACCOUNTDISABLE = 0x0002;
            int UF_PASSWD_NOTREQD = 0x0020;
            int UF_PASSWD_CANT_CHANGE = 0x0040;
            int UF_NORMAL_ACCOUNT = 0x0200;
            int UF_DONT_EXPIRE_PASSWD = 0x10000;
            int UF_PASSWORD_EXPIRED = 0x800000;

            attrs.put("objectClass", "user");
            attrs.put("cn", "Albert Einstein");

            // These are some optional (but useful) attributes
            attrs.put("givenName", "Albert");
            attrs.put("sn", "Einstein");
            attrs.put("displayName", "Albert Einstein");
            attrs.put("description", "Research Scientist");
            attrs.put("userPrincipalName", "AlbertE@antipodes.com");
            attrs.put("mail", "relativity@antipodes.com");
            attrs.put("telephoneNumber", "999 123 4567");
            // unicodePwd takes the password in double quotes; note that Java's "UTF-16"
            // prepends a byte-order mark, whereas the directory expects plain UTF-16LE
            String newQuotedPassword = "\"Pass123\"";
            byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16");
            attrs.put("unicodePwd", newUnicodePassword);
            // msDS-User-Account-Control-Computed is a constructed attribute (see EDIT 3)
            attrs.put("msDS-User-Account-Control-Computed",
                    Integer.toString(UF_NORMAL_ACCOUNT + UF_DONT_EXPIRE_PASSWD));

            // Create the context
            System.out.println("Creating context...");
            Context result = ctx.createSubcontext(userName, attrs);
            System.out.println("Created disabled account for: " + userName);

            ctx.close();

            System.out.println("Successfully created User: " + userName);

        } catch (NamingException e) {
            System.err.println("Problem creating object: " + e);
        } catch (IOException e) {
            // getBytes(String) throws UnsupportedEncodingException, an IOException
            System.err.println("Problem creating object: " + e);
        }
    }
}

I still have the following problem:

String newQuotedPassword = "\"Pass123\"";
byte[] newUnicodePassword = newQuotedPassword.getBytes("UTF-16");
attrs.put("unicodePwd", newUnicodePassword);

gives me the following exception:

Creating initial directory context... Problem creating object: java.io.UnsupportedEncodingException: UTF16LE

Note: I disabled the requirement for SSL to change the password.

EDIT 3: Apparently the "User Account control" is not supported by AD LDS and is split up into a number of different attributes.

You could perhaps have a look at Using JAVA code with Active Directory, especially Creating new users & demystifying userAccountControl.

For me, you forgot the "CN" attribute.

Check your schema documentation for which attributes are allowed and required for the person, user, and organizationalPerson object classes. Ensure that the entry the code is trying to add has all the attributes that are required, and only attributes that are allowed or required.

Here is some know-how which I learned during development of a user account management application (ASP.NET) for Active Directory 2008:

  1. You should fill sAMAccountName or userPrincipalName

  2. The account remains disabled until you set a password for it according to the domain password policies

  3. Any password-related operations need to be done using a secure connection

  4. When creating an account, open the context of the OU in which you want to create the user object. Then call the method to add it

Read this document: http://msdn.microsoft.com/en-us/magazine/cc135979.aspx

(I know, it is for .NET, but it is very, very similar to the Java LDAP API)

Hope this helps you
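The four steps of this answer put together as one Java (JNDI) program, as an added example; it is not code from the question or from any of the answers. It opens the context directly on the Accounts OU from the question over LDAPS, creates the entry with only attributes the top/person/organizationalPerson/user chain allows, encodes unicodePwd as UTF-16LE without a byte-order mark, and then clears msDS-UserAccountDisabled (the AD LDS flag used in the question) once the password has been accepted. Assumptions: the host name, the bind DN and password taken from the command line, that userPrincipalName is the identifier to fill because sAMAccountName is not part of the AD LDS schema, and a current JDK (StandardCharsets, Rdn) rather than the Java 1.4 the question mentions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

public class CreateAdLdsUser {

    // Placeholder instance name (assumption); the OU is the one from the question.
    static final String LDAPS_URL = "ldaps://adlds.example.internal:636";
    static final String ACCOUNTS_OU = "OU=Accounts,DC=PORTAL,DC=COMPANY,DC=BE";

    /** Step 4 and step 3: open the context on the OU itself, over SSL. */
    static LdapContext connectToOu(String bindDn, String bindPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL + "/" + ACCOUNTS_OU);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialLdapContext(env, null);
    }

    /** unicodePwd is the password in double quotes, encoded as UTF-16LE with no BOM. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Only attributes that the user class chain allows; system attributes are left to the server. */
    static Attributes userAttributes(String cn, String upn, byte[] unicodePwd) {
        Attributes attrs = new BasicAttributes(true); // case-insensitive attribute IDs
        BasicAttribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        attrs.put(oc);
        attrs.put("cn", cn);                     // required by person
        attrs.put("userPrincipalName", upn);     // step 1 (AD LDS has no sAMAccountName)
        attrs.put("unicodePwd", unicodePwd);
        attrs.put("msDS-UserAccountDisabled", "TRUE"); // created disabled, enabled below
        // instanceType, objectCategory and objectSid are assigned by the directory;
        // memberOf is a back-link maintained by the server and cannot be written.
        return attrs;
    }

    /** Create the entry under the OU context, then enable it (step 2). */
    static String createAndEnable(LdapContext ou, String cn, String upn, String password)
            throws NamingException {
        String rdn = new Rdn("CN", cn).toString(); // escapes special characters in cn
        ou.createSubcontext(rdn, userAttributes(cn, upn, encodeUnicodePwd(password)));

        // Enabling only succeeds once the server has accepted the password against policy.
        ModificationItem[] enable = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("msDS-UserAccountDisabled", "FALSE"))
        };
        ou.modifyAttributes(rdn, enable);
        return rdn + "," + ACCOUNTS_OU;
    }

    public static void main(String[] args) throws NamingException {
        // args: bind DN, bind password, password for the new account
        LdapContext ou = connectToOu(args[0], args[1]);
        try {
            String dn = createAndEnable(ou, "Albert Einstein", "AlbertE@antipodes.com", args[2]);
            System.out.println("Created and enabled " + dn);
        } finally {
            ou.close();
        }
    }
}
```

If the modifyAttributes call is the one that fails, the password was rejected by the instance's policy (or the password was never stored because the connection was not protected), which is the situation items 2 and 3 describe.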

An object class schema violation means that one or more required attributes are missing from the object that you are trying to create. So you need to look at the schemas for top, person, organizationalPerson, and user and ensure that you are setting all of the attributes that are required.
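This answer and the earlier one that tells you to check the schema documentation both come down to comparing the entry against the MUST lists of top, person, organizationalPerson and user. The following is an added example, not code from any of the answers: it reads the server's subschema through JNDI's getSchema(), walks each object class and its SUP chain under ClassDefinition, and reports which required attributes the entry from the question does not set, so the OBJ_CLASS_VIOLATION can be explained before the bind is attempted. Assumptions: the placeholder host name, bind credentials passed as arguments, that JNDI can parse the aggregate subschema the instance publishes, and the list of attributes (instanceType, objectCategory, nTSecurityDescriptor, objectSid) that the directory fills in itself and that the check therefore ignores.

```java
import java.util.Hashtable;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class SchemaPrecheck {

    // Listed as MUST in the subschema but assigned by the directory on create (assumption for AD LDS).
    static final Set<String> SYSTEM_PROVIDED = Set.of(
            "objectclass", "instancetype", "objectcategory", "ntsecuritydescriptor", "objectsid");

    /** MUST attributes of objectClass and of every superclass reachable through SUP, lower-cased. */
    static Set<String> requiredAttributes(DirContext schema, String objectClass, Set<String> seen)
            throws NamingException {
        Set<String> must = new LinkedHashSet<>();
        if (!seen.add(objectClass.toLowerCase())) {
            return must; // already visited; guards against a SUP cycle
        }
        DirContext classDef = (DirContext) schema.lookup("ClassDefinition/" + objectClass);
        Attributes def = classDef.getAttributes("");
        addValues(must, def.get("MUST"));
        Attribute sup = def.get("SUP");
        if (sup != null) {
            NamingEnumeration<?> parents = sup.getAll();
            while (parents.hasMore()) {
                must.addAll(requiredAttributes(schema, (String) parents.next(), seen));
            }
        }
        return must;
    }

    static void addValues(Set<String> into, Attribute attr) throws NamingException {
        if (attr == null) {
            return; // the class has no MUST entry in this schema
        }
        NamingEnumeration<?> values = attr.getAll();
        while (values.hasMore()) {
            into.add(((String) values.next()).toLowerCase());
        }
    }

    /** Required attributes of all the candidate's object classes that the candidate does not set. */
    static Set<String> missingRequired(DirContext schema, Attributes candidate) throws NamingException {
        Set<String> missing = new LinkedHashSet<>();
        Set<String> seen = new LinkedHashSet<>();
        NamingEnumeration<?> classes = candidate.get("objectClass").getAll();
        while (classes.hasMore()) {
            for (String required : requiredAttributes(schema, (String) classes.next(), seen)) {
                if (!SYSTEM_PROVIDED.contains(required) && candidate.get(required) == null) {
                    missing.add(required);
                }
            }
        }
        return missing;
    }

    /** The entry from the question: the four object classes plus comment, but no cn. */
    static Attributes candidateFromQuestion() {
        Attributes attrs = new BasicAttributes(true);
        BasicAttribute oc = new BasicAttribute("objectClass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        attrs.put(oc);
        attrs.put("msDS-UserAccountDisabled", "FALSE");
        attrs.put("comment", "Test user");
        return attrs;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://adlds.example.internal:389"); // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[0]);   // bind DN
        env.put(Context.SECURITY_CREDENTIALS, args[1]); // bind password
        DirContext ctx = new InitialDirContext(env);
        try {
            DirContext schema = ctx.getSchema(""); // subschema published by the root DSE
            System.out.println("Missing required attributes: "
                    + missingRequired(schema, candidateFromQuestion()));
        } finally {
            ctx.close();
        }
    }
}
```

Run against the entry from the question, the report should name cn (required by person), which matches the answer above that says the CN attribute was forgotten; the memberOf value the question sets is a separate problem that a MUST check does not catch, since it is a server-maintained back-link rather than a writable attribute.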
