
Getting WILL_NOT_PERFORM error when trying to enable user via LDAP

I'm trying to create a new Active Directory user via LDAP, but the user is disabled on creation. I am trying to set the userAccountControl attribute to 512, but I am getting an error WILL_NOT_PERFORM. I've read this is because the password isn't being set, but I can't tell why. Creating the user with the userPassword attribute set is working fine.

Here is the code:

    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.ModificationItem;
    import javax.naming.ldap.InitialLdapContext;

    // context is an already-bound directory context; getFullUserName builds the user's DN (not shown in the post)
    void createUser(DirContext context, String userName, String password) throws Exception {
        // Create a container set of attributes
        Attributes container = new BasicAttributes();

        // Assign the properties we need to set on the user
        container.put(new BasicAttribute("objectClass", "user"));
        container.put(new BasicAttribute("cn", userName));
        container.put(new BasicAttribute("sAMAccountName", userName));
        container.put(new BasicAttribute("name", userName));
        container.put(new BasicAttribute("givenName", userName));
        container.put(new BasicAttribute("userPassword", password));

        String fullDomainName = getFullUserName(userName);
        // Create the entry
        try {
            context.createSubcontext(fullDomainName, container);
        } catch (Exception e) {
            System.err.println("Error creating user: " + fullDomainName);
            e.printStackTrace();
            throw e;
        }

        // Second step: try to enable the account (512 = NORMAL_ACCOUNT); this is the call that fails
        ModificationItem[] userMods = new ModificationItem[1];
        userMods[0] = new ModificationItem(InitialLdapContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", "512"));
        try {
            context.modifyAttributes(fullDomainName, userMods);
        } catch (Exception e) {
            System.err.println("Could not update userAccountControl flag");
            e.printStackTrace();
            throw e;
        }
    }

The first part where I create the user works, the 2nd part where I try to set the userAccountControl flag fails. Any help would be greatly appreciated. Thanks!

I found the problem... I had to use the unicodePwd attribute and make sure it was properly encoded:

    // AD expects the password wrapped in double quotes and encoded as UTF-16LE
    final byte[] quotedPasswordBytes = ('"' + password + '"').getBytes("UTF-16LE");
    container.put(new BasicAttribute("unicodePwd", quotedPasswordBytes));

I found the answers here:

How do I resolve "WILL_NOT_PERFORM" MS AD reply when trying to change password in scala w/ the unboundid LDAP SDK?

http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html
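Putting the accepted answer together with the original snippet, here is an added end-to-end example (not the poster's code or the linked article's): it connects over LDAPS, creates the user with the quoted UTF-16LE unicodePwd in the initial add, and separately shows how to clear only the disable bit on an existing account. The host, DNs, environment variable names and the `AdUserCreator` class are placeholders chosen for this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/** Example (hypothetical class): create an enabled AD user by setting unicodePwd at creation time. */
public class AdUserCreator {

    // userAccountControl flag bits as documented by Microsoft for the userAccountControl attribute
    static final int ACCOUNTDISABLE = 0x0002;
    static final int NORMAL_ACCOUNT = 0x0200; // 512; AD's default for a new user without a password is 512 | 2 = 514

    /** AD only accepts unicodePwd as the password wrapped in double quotes and encoded as UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) {
        return ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
    }

    /** Opens an LDAPS connection; AD refuses unicodePwd writes over an unencrypted connection. */
    static LdapContext connect(String ldapsUrl, String bindDn, String bindPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl); // placeholder URL, e.g. "ldaps://dc.example.test:636"
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialLdapContext(env, null);
    }

    /** Creates the user with password and NORMAL_ACCOUNT in a single add, so no second modify is needed. */
    static void createEnabledUser(LdapContext ctx, String userDn, String userName, String password)
            throws NamingException {
        Attributes attrs = new BasicAttributes(true); // ignoreCase = true: AD attribute names are case-insensitive
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("organizationalPerson");
        objectClass.add("user");
        attrs.put(objectClass);
        attrs.put(new BasicAttribute("cn", userName));
        attrs.put(new BasicAttribute("sAMAccountName", userName));
        // unicodePwd, not userPassword: AD ignores the latter for the real account password
        attrs.put(new BasicAttribute("unicodePwd", encodeUnicodePwd(password)));
        // AD still answers WILL_NOT_PERFORM here if the password does not satisfy the domain password policy
        attrs.put(new BasicAttribute("userAccountControl", Integer.toString(NORMAL_ACCOUNT)));
        ctx.createSubcontext(userDn, attrs);
    }

    /** Clears only ACCOUNTDISABLE, leaving any other flags (e.g. password-never-expires) untouched. */
    static int enabledValue(int currentUac) {
        return currentUac & ~ACCOUNTDISABLE;
    }

    /** Enables an existing account that already has a valid password. */
    static void enableUser(LdapContext ctx, String userDn) throws NamingException {
        Attributes current = ctx.getAttributes(userDn, new String[] { "userAccountControl" });
        int uac = Integer.parseInt((String) current.get("userAccountControl").get());
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userAccountControl", Integer.toString(enabledValue(uac))))
        };
        ctx.modifyAttributes(userDn, mods);
    }

    public static void main(String[] args) throws NamingException {
        // All values below are placeholders for a lab domain; secrets come from the environment, not the command line.
        LdapContext ctx = connect("ldaps://dc.example.test:636",
                "CN=svc-provision,OU=Service Accounts,DC=example,DC=test",
                System.getenv("PROVISION_BIND_PASSWORD"));
        try {
            createEnabledUser(ctx, "CN=jdoe,OU=Users,DC=example,DC=test", "jdoe",
                    System.getenv("NEW_USER_PASSWORD"));
        } finally {
            ctx.close();
        }
    }
}
```

Two things to check when this still fails with WILL_NOT_PERFORM: the connection must be LDAPS (or StartTLS), since the domain controller rejects unicodePwd over a plaintext bind, and the JVM must trust the DC's certificate for that to work; and the password must meet the domain's length, complexity and history policy, which AD enforces at write time. Reading the current userAccountControl before clearing the disable bit, rather than overwriting it with 512, avoids silently dropping other flags the account already has.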

Are you connecting to LDAP as a user who has permissions to do this? Or are you connecting to LDAP as either this user, or another user with limited permissions? Perhaps you have the rights to create a new user but not to execute this kind of modify operation? Just a thought, it's something I've run into before and beat my head against the wall before realizing my mistake. Good luck.
