Unable to create groups using ldap through java. Creating user works
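I am trying to create AD groups through my Java application. I have successfully created a user, and now I am trying to create a group. I have the following code: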
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class ProjectActiveDirectoryUserGroupHandling extends ActiveDirectoryUserGroupHandling {
        private static final String DOMAIN_NAME = "DOM01.local";
        private static final String DOMAIN_ROOT = "DC=DOM01,DC=local";
        private static final String DOMAIN_URL = "ldap://10.123.3.10";
        private static final String ADMIN_NAME = "DOM01\\AdServiceUser";
        private static final String ADMIN_PASS = "Password";
        private String userName, firstName, lastName, password, organisationUnit, groupName, groupOU;
        private LdapContext context;

        public void newGroup(String groupName, String organisationUnit) {
            this.groupName = groupName;
            this.groupOU = organisationUnit;
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
            env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
            // connect to my domain controller
            env.put(Context.PROVIDER_URL, DOMAIN_URL);
            try {
                this.context = new InitialLdapContext(env, null);
            } catch (NamingException e) {
                System.err.println("Problem creating object: ");
                e.printStackTrace();
            }
        }

        public boolean addGroup() throws NamingException {
            // Create a container set of attributes
            Attributes container = new BasicAttributes();
            // Create the objectclass to add
            Attribute objClasses = new BasicAttribute("objectClass");
            objClasses.add("top");
            objClasses.add("groupOfUniqueNames");
            // Assign name to the group
            Attribute cn = new BasicAttribute("cn", groupName);
            Attribute groupType = new BasicAttribute("groupType", "2147483650"); // security group
            Attribute desc = new BasicAttribute("description", "testDescription");
            // Add these to the container
            container.put(objClasses);
            container.put(cn);
            container.put(groupType);
            container.put(desc);
            // Create the entry (getGroupDN and _log are not shown in the post)
            try {
                context.createSubcontext(getGroupDN(groupName, groupOU), container);
                return true;
            } catch (Exception e) {
                _log.error(e);
                return false;
            }
        }
    }
When I run this, I get the following exception:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-0319088A, problem 5003 (WILL_NOT_PERFORM)
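I haven't found much information on this, so I'm a bit lost. I hope someone can help me.

LDAP error code 53 is quite broad, but hopefully the following may help (taken from here):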
Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:
- The Add Request violates the server's structure rules.
- The Modify Request specifies attributes that users cannot modify.
- Password restrictions prevent the action.
- Connection restrictions prevent the action.
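As you are trying to add a group (and have already connected successfully in order to create a user), I would suggest this is probably due to the first reason - the group you are trying to create may violate the AD server's structure rules.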
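As an added example (not code from the original question or answer), here is a group entry built to match Active Directory's schema: AD's structural class for groups is `group` rather than `groupOfUniqueNames`, and `groupType` is a signed 32-bit integer, so a global security group is sent as `-2147483646`. The class name, helper names and sample OU are assumptions, and the page does not establish which of these differences triggered error 53 here.

```java
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.Rdn;

public class AdGroupEntry { // hypothetical class, not part of the post
    // Active Directory groupType flag bits.
    static final int SCOPE_GLOBAL = 0x00000002;
    static final int SCOPE_DOMAIN_LOCAL = 0x00000004;
    static final int SCOPE_UNIVERSAL = 0x00000008;
    static final int SECURITY_ENABLED = 0x80000000;

    // groupType is a signed 32-bit integer in AD: a global security group is
    // 0x80000002, which is sent as "-2147483646" rather than "2147483650".
    static String groupType(int scope, boolean securityEnabled) {
        return Integer.toString(securityEnabled ? (scope | SECURITY_ENABLED) : scope);
    }

    // Escape the name before placing it in a DN so that characters such as
    // ',' or '+' in caller-supplied input cannot change the DN structure.
    static String groupDn(String name, String parentDn) {
        return "CN=" + Rdn.escapeValue(name) + "," + parentDn;
    }

    static Attributes groupAttributes(String name, String description, int scope, boolean securityEnabled) {
        if (name == null || name.trim().isEmpty()) {
            throw new IllegalArgumentException("group name must not be empty");
        }
        Attributes attrs = new BasicAttributes(true); // attribute IDs are case-insensitive
        Attribute objClasses = new BasicAttribute("objectClass");
        objClasses.add("top");
        objClasses.add("group"); // AD's structural class for groups
        attrs.put(objClasses);
        attrs.put(new BasicAttribute("cn", name));
        attrs.put(new BasicAttribute("sAMAccountName", name));
        attrs.put(new BasicAttribute("groupType", groupType(scope, securityEnabled)));
        attrs.put(new BasicAttribute("description", description));
        return attrs;
    }

    public static void main(String[] args) {
        // Constructed sample values; the OU below is a placeholder.
        String dn = groupDn("Project-Admins", "OU=Groups,DC=DOM01,DC=local");
        Attributes attrs = groupAttributes("Project-Admins", "testDescription", SCOPE_GLOBAL, true);
        System.out.println(dn + "\n" + attrs);
        // With a bound LdapContext: context.createSubcontext(dn, attrs);
    }
}
```

Running `main` needs no directory connection; it prints the DN and attribute set that would be passed to `createSubcontext`.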