Activating a user account on creation in AD LDS

So, I'm writing code that will create user accounts in AD LDS. I can create the user, but the account is disabled.

I want the user to be active and to be able to change their password. I've tried some of the things suggested in this post, but it hasn't helped me.

Here's my code:

    ctx = getConnection(adminUser, adminPassword);

    // Create attributes for the new user
    Attributes attributes = new BasicAttributes(true);

    // Main attributes for user
    attributes.put("objectClass", "user");
    attributes.put("name", user.getFullName());

    attributes.put("ms-DS-User-Account-Control-Computed",
            Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED));

    try {
        ctx.createSubcontext(getDistinguishedName(user.getFullName()),
                attributes);
        System.out.println("User successfully added!");
    } catch (NamingException e) {
        e.printStackTrace();
    }

When I run this, I get the following error:

    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D11, comment: Error in attribute conversion operation, data 0, v23f0]; remaining name 'CN=Samuel King,CN=Users,CN=Agents,DC=CHESA,DC=local'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source)
        at com.ceiwc.ActiveDirectory.createUserAccount(ActiveDirectory.java:114)
        at com.ceiwc.TestAD.main(TestAD.java:24)

If I change the line where I'm updating the ms-DS-User-Account-Control-Computed to:

    attributes.put("ms-DS-User-Account-Control-Computed", UF_NORMAL_ACCOUNT
            + UF_PASSWORD_EXPIRED);

I get the following error:

    javax.naming.directory.InvalidAttributeValueException: Malformed 'ms-DS-User-Account-Control-Computed' attribute value; remaining name 'CN=Samuel King,CN=Users,CN=Agents,DC=CHESA,DC=local'
        at com.sun.jndi.ldap.LdapClient.encodeAttribute(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.add(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source)
        at com.ceiwc.ActiveDirectory.createUserAccount(ActiveDirectory.java:116)
        at com.ceiwc.TestAD.main(TestAD.java:24)

So, what am I doing wrong? Is this the proper way to activate the account? Does someone have any code to help me out?

Thanks!

NuAlphaMan,

I think that the exception has something to do with the fact that you use the CN as the name of the attribute instead of the Ldap-Display-Name, which is msDS-User-Account-Control-Computed. The description can be found here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677840(v=vs.85).aspx

As to the second question of how to activate an account, I've found that there is an attribute userAccountControl (http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx#win_2008_r2) and the value 0x00000002 (ADS_UF_ACCOUNTDISABLE) that can disable an account. The only thing that crosses my mind is to try to read the value and flip the bit.

Regards, Dmitry

NoSuchAttributeException: "Indicates that the attribute specified in the modify or compare operation does not exist in the entry."

Malformed 'ms-DS-User-Account-Control-Computed' attribute value: means wrong attribute type.

Here is my working example, which I checked with ActiveDirectory 2008:

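    import org.springframework.ldap.core.DirContextAdapter;

    // Writes the updated userAccountControl value into the Spring LDAP context.
    public void mapToContext(int userAccountControl, DirContextAdapter context) {
        context.setAttributeValue("userAccountControl", disableAccount(userAccountControl));
    }

    // Sets the ACCOUNTDISABLE bit and returns the value as a decimal string.
    // AccountControlFlags is the poster's own constants class (not shown);
    // ACCOUNTDISABLE is presumably 0x00000002 (ADS_UF_ACCOUNTDISABLE).
    private String disableAccount(int userAccountControl) {
        userAccountControl |= AccountControlFlags.ACCOUNTDISABLE;
        return String.valueOf(userAccountControl);
    }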
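The "read the value and flip the bit" idea from the first answer, combined with the string encoding used in the second, as an added example that is not code from either poster. The class and method names are hypothetical, the sample values are constructed, and it follows the answers in using userAccountControl as checked against Active Directory; it builds the modification without contacting a server.

```java
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class EnableAccountExample {
    // ADS_UF_ACCOUNTDISABLE, the flag value quoted in the first answer.
    static final int UF_ACCOUNTDISABLE = 0x00000002;

    /** Clears the disable bit; an already-enabled value is returned unchanged. */
    static int enable(int userAccountControl) {
        // AND with the inverted mask rather than XOR: a literal "flip" (XOR)
        // would disable an account that is already enabled.
        return userAccountControl & ~UF_ACCOUNTDISABLE;
    }

    static boolean isDisabled(int userAccountControl) {
        return (userAccountControl & UF_ACCOUNTDISABLE) != 0;
    }

    /** Builds the REPLACE modification from the value read back from the entry. */
    static ModificationItem enableModification(String currentValue) {
        int current = Integer.parseInt(currentValue.trim());
        // JNDI encodes only String or byte[] attribute values. Passing an
        // Integer raises the "Malformed ... attribute value" exception
        // shown in the question, so the number is sent as a decimal string.
        String updated = Integer.toString(enable(current));
        return new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", updated));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, as they would be read from the directory.
        String[] samples = { "514", "512", "546" };
        for (String s : samples) {
            ModificationItem item = enableModification(s);
            String updated = (String) item.getAttribute().get();
            System.out.printf("%s (disabled=%b) -> %s (disabled=%b)%n",
                    s, isDisabled(Integer.parseInt(s)),
                    updated, isDisabled(Integer.parseInt(updated)));
        }
        // With a live connection the item would be applied with:
        // ctx.modifyAttributes(dn, new ModificationItem[] { item });
    }
}
```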
