
How to enable user via LDAP in AD?

In my program (jldap-based) I am trying to enable a user in AD by setting the userAccountControl value to 512. The user is created with the following attributes:

objectClass=user
cn=username
name=username
userAccountControl=512
userPassword={BASE64}<base64 encoded password>
sAMAccountName=username
distinguishedName=username,CN=Users,DC=company,DC=com

But I get an exception:

LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

Maybe somebody can tell me where I'm making an error? Maybe I forgot some required attribute?

EDIT:

My code (it is trivial and I think there are no errors in it):

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPMessageQueue;

LDAPConnection connection;
LDAPMessageQueue messageQueue;
...
// Build the attribute set for the new user entry
LDAPAttributeSet attributes = new LDAPAttributeSet();
attributes.add(new LDAPAttribute("objectClass", "user"));
attributes.add(new LDAPAttribute("cn", "username"));
attributes.add(new LDAPAttribute("name", "username"));
attributes.add(new LDAPAttribute("userAccountControl", "512"));   // 512 = NORMAL_ACCOUNT, enabled
attributes.add(new LDAPAttribute("userPassword", "{BASE64}<base64 encoded password>"));
attributes.add(new LDAPAttribute("sAMAccountName", "username"));
attributes.add(new LDAPAttribute("distinguishedName", "username,CN=Users,DC=company,DC=com"));

// Add the entry under CN=Users with the attributes above
LDAPEntry entry = new LDAPEntry("CN=username,CN=Users,DC=company,DC=com", attributes);
connection.add(entry);

This error can arise when the password is not correctly encoded. Make sure it's a Base64-encoded UTF-16LE string.

Example (if you are using the Oracle JVM):

import java.nio.charset.StandardCharsets;
import java.util.Base64;

String pass = "password";
// Encode the UTF-16LE bytes of the password as Base64.
// The original used sun.misc.BASE64Encoder, an internal API that was removed in Java 9;
// java.util.Base64 is the supported equivalent since Java 8.
String encoded = Base64.getEncoder().encodeToString(pass.getBytes(StandardCharsets.UTF_16LE));

UPDATE 1: Have you tried running your code without the userAccountControl attribute (to rule in or out that it's actually that attribute that is causing problems)?

I noticed that your distinguished name attribute looks a bit strange, as well. It should probably look something like CN=username,OU=Users,DC=company,DC=com.

UPDATE 2: see Adding a user with a password in Active Directory LDAP . WILL_NOT_PERFORM can be returned if you are trying to set password for an entry (which you are, since you're creating it) over a non-SSL connection. You need to make sure you are connecting to the AD server over SSL (and set up certificates as required).
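The server message in the question carries the Windows error code 0000052D (1325, ERROR_PASSWORD_RESTRICTION), which is Active Directory saying that the password value it received does not satisfy the domain password policy; AD refuses the whole add rather than creating an account whose password it could not set. Two things have to line up for an enabled account to be created in one operation: the connection must be TLS-protected (LDAPS on 636, or StartTLS), and the password must be sent in the unicodePwd attribute as the UTF-16LE encoding of the password wrapped in double quotes, as raw bytes, not as Base64 text (Base64 is only how LDIF files write binary values). The example below is added here and is not the code of the asker or of the answerer; it assumes the jldap library (com.novell.ldap) on the classpath, a domain controller with a certificate the JVM already trusts, and placeholder values for the host, the provisioning account and the new user's password.

```java
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

import java.nio.charset.StandardCharsets;

public class AdUserCreate {

    // userAccountControl bits defined by Active Directory
    static final int UF_ACCOUNTDISABLE = 0x0002;
    static final int UF_NORMAL_ACCOUNT = 0x0200;   // 512; 512 | 2 = 514 is "normal, disabled"

    /**
     * Active Directory accepts a new password in unicodePwd as the UTF-16LE bytes of
     * the password enclosed in double quotes. No Base64, no {BASE64} prefix.
     */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /**
     * Creates the user enabled in a single add. cn is the RDN of the entry DN; name and
     * distinguishedName are maintained by the server, so they are not supplied here.
     */
    static void createEnabledUser(LDAPConnection conn, String userDn, String sam, String password)
            throws LDAPException {
        LDAPAttributeSet attrs = new LDAPAttributeSet();
        attrs.add(new LDAPAttribute("objectClass", "user"));
        attrs.add(new LDAPAttribute("cn", sam));
        attrs.add(new LDAPAttribute("sAMAccountName", sam));
        attrs.add(new LDAPAttribute("unicodePwd", encodeUnicodePwd(password)));
        attrs.add(new LDAPAttribute("userAccountControl", Integer.toString(UF_NORMAL_ACCOUNT)));
        conn.add(new LDAPEntry(userDn, attrs));
    }

    /** Translates the two failures this page is about into something an operator can act on. */
    static String explain(LDAPException e) {
        String server = e.getLDAPErrorMessage();
        if (server != null && server.contains("0000052D")) {
            return "password rejected by domain policy (ERROR_PASSWORD_RESTRICTION): "
                 + "check length/complexity/history and that unicodePwd was sent as quoted UTF-16LE over TLS";
        }
        if (e.getResultCode() == LDAPException.UNWILLING_TO_PERFORM) {
            return "server unwilling to perform: password writes require an LDAPS/StartTLS session";
        }
        return e.toString();
    }

    public static void main(String[] args) {
        // Placeholders (assumptions for this example): replace with your own values.
        String host = "dc01.company.com";
        String bindDn = "CN=svc-provision,CN=Users,DC=company,DC=com";
        String bindPassword = "<provisioning account password>";
        String newUserDn = "CN=username,CN=Users,DC=company,DC=com";
        String newUserPassword = "<password meeting domain policy>";

        // LDAPS: AD only accepts unicodePwd writes on a TLS-protected connection
        LDAPConnection conn = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            conn.connect(host, 636);
            conn.bind(LDAPConnection.LDAP_V3, bindDn, bindPassword.getBytes(StandardCharsets.UTF_8));
            createEnabledUser(conn, newUserDn, "username", newUserPassword);
            System.out.println("created and enabled " + newUserDn);
        } catch (LDAPException e) {
            System.err.println("add failed: " + explain(e));
        } finally {
            try { conn.disconnect(); } catch (LDAPException ignored) { }
        }
    }
}
```

If the domain's policy still rejects the single-step add, the pattern that is known to work is the three-step one: add the entry with userAccountControl=514 (disabled) and no password, modify unicodePwd, then replace userAccountControl with 512. Either way the password reaches the directory only inside a TLS session, which is also why the plaintext 389 port should stay blocked for this operation.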
