问题
I am trying to add an user into Active Directory.
Having in mind:
- Using SSL
- Certificate ok
- Password works fine
With out group association, the user is correctly created.
When I try to associate the user to a group I get the following error:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000209A: SvcErr: DSID-031A1021, problem 5003 (WILL_NOT_PERFORM), data 0
I have used the DN and NAME group attributes but none worked. My code is:
ctx = getContext();
ctx.createSubcontext(entryDN,entry); // it works fine
Attribute memberOf1 = new BasicAttribute("memberOf","NAME_OF_THE_GROUP");
Attributes atts = new BasicAttributes();
atts.put(memberOf1);
ctx.modifyAttributes(entryDN, LdapContext.ADD_ATTRIBUTE, atts); // ## it doesn't work
I tried LdapContext.ADD_ATTRIBUTE and LdapContext.REPLACE_ATTRIBUTE. Also, I tried to add the group with the other attributes but all situation gave me the same error.
Does anyone have any idea what is going on?
Cheers!
回答1:
memberOf is a constructed attribute. You have to add the user to the group's member property, not add the group to the user's memberOf property.
回答2:
The solution code is:
BasicAttribute member = new BasicAttribute("member",entryDN);
Attributes atts = new BasicAttributes();
atts.put(member);
ctx.modifyAttributes("GROUP_DN", LdapContext.ADD_ATTRIBUTE, atts);
Thanks Hall72215.
回答3:
Try to use this, it works for me
ModificationItem[] mods = new ModificationItem[1];
String userDn="cn=user name,CN=Users,DC=domain,DC=com"
String groupDn="cn=Group Name,CN=Groups,DC=domain,DC=com"
Attribute mod =new BasicAttribute("member",userDn);
mods[0] =new ModificationItem(DirContext.ADD_ATTRIBUTE, mod);
ldapContext.modifyAttributes(groupDn, mods);
来源:https://stackoverflow.com/questions/21147625/java-ldap-add-group-to-user-issue-error-code-53-will-not-perform