So, I'm writing code that will create user accounts in AD LDS. I can create the user, but the account is disabled.
I want the user to be active and to be able to change their password. I've tried some of the things suggested in this post , but it hasn't helped me.
Here's my code:
ctx = getConnection(adminUser, adminPassword);
// Create attributes for the new user
Attributes attributes = new BasicAttributes(true);
// Main attributes for user
attributes.put("objectClass", "user");
attributes.put("name", user.getFullName());
attributes.put("ms-DS-User-Account-Control-Computed",
Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED));
try {
ctx.createSubcontext(getDistinguishedName(user.getFullName()),
attributes);
System.out.println("User successfully added!");
} catch (NamingException e) {
e.printStackTrace();
}
When I run this, I get the following error:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D11, comment: Error in attribute conversion operation, data 0, v23f0remaining name 'CN=Samuel King,CN=Users,CN=Agents,DC=CHESA,DC=local' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source) at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source) at com.ceiwc.ActiveDirectory.createUserAccount(ActiveDirectory.java:114) at com.ceiwc.TestAD.main(TestAD.java:24)
If I change the line where I'm updating the ms-DS-User-Account-Control-Computed to:
attributes.put("ms-DS-User-Account-Control-Computed", UF_NORMAL_ACCOUNT
+ UF_PASSWORD_EXPIRED);
i get the following error:
javax.naming.directory.InvalidAttributeValueException: Malformed 'ms-DS-User-Account-Control-Computed' attribute value; remaining name 'CN=Samuel King,CN=Users,CN=Agents,DC=CHESA,DC=local' at com.sun.jndi.ldap.LdapClient.encodeAttribute(Unknown Source) at com.sun.jndi.ldap.LdapClient.add(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source) at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source) at com.ceiwc.ActiveDirectory.createUserAccount(ActiveDirectory.java:116) at com.ceiwc.TestAD.main(TestAD.java:24)
So, what am I doing wrong? Is this the proper way to activate the account? Does someone have any code to help me out?
Thanks!
NuAlphaMan,
I think, that the exception has something to do with the fact that you use CN as the name of the attribute instead of Ldap-Display-Name which is msDS-User-Account-Control-Computed. The description could be found here http://msdn.microsoft.com/en-us/library/windows/desktop/ms677840(v=vs.85).aspx .
As to the second question of how to activate an account, I've found that there is an attribute userAccountControl ( http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx#win_2008_r2 ) and the value 0x00000002 (ADS_UF_ACCOUNTDISABLE) that can disable an account. The only thing that crosses my mind is to try to read the value and flip the bit.
Regards, Dmitry
NoSuchAttributeException: "Indicates that the attribute specified in the modify or compare operation does not exist in the entry."
Malformed 'ms-DS-User-Account-Control-Computed' attribute value: means wrong attribute type.
here is my working example, that i check with ActiveDirectory 2008:
public void mapToContext(int userAccountControl, DirContextAdapter context) {
context.setAttributeValue("userAccountControl", disableAccount(userAccountControl));
}
private String disableAccount(int userAccountControl) {
userAccountControl |= AccountControlFlags.ACCOUNTDISABLE;
return String.valueOf(userAccountControl);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.