Adding a user with a password in Active Directory LDAP
Yes, the WILL_NOT_PERFORM error is AD telling you that you need to use an SSL connection to set the password.
To make an SSL connection, you need to use a URL that looks like: ldaps://your.ldap.server:636
(note the "ldaps"). If you get a certificate validation error, you'll need to use "keytool" to import the AD server's certificate into your Java keystore, so your Java application recognizes the certificate as valid.
Admin
Updated on July 09, 2022
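The SSL connection described in the answer, as an added example that is not part of the original post or of Spring LDAP's documentation: it sets `unicodePwd` through a Spring LDAP template that only accepts an `ldaps://` URL. The class and method names, base DN, bind DN, user DN and environment variable names are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;

public class AdPasswordOverLdaps {

    // AD expects the new password wrapped in double quotes and encoded as UTF-16LE.
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Builds a template bound to AD over SSL. Certificate validation uses the JVM's
    // truststore, so the AD server's certificate must be imported there with keytool.
    static LdapTemplate ldapsTemplate(String url, String baseDn, String bindDn, String bindPassword) {
        if (!url.startsWith("ldaps://")) {
            // Refuse to send a password change over a plain ldap:// connection.
            throw new IllegalArgumentException("unicodePwd requires an ldaps:// URL, got: " + url);
        }
        LdapContextSource source = new LdapContextSource();
        source.setUrl(url);
        source.setBase(baseDn);
        source.setUserDn(bindDn);
        source.setPassword(bindPassword);
        source.afterPropertiesSet();
        return new LdapTemplate(source);
    }

    // Replaces unicodePwd on an existing entry; relativeDn is relative to the base DN.
    static void setPassword(LdapTemplate template, String relativeDn, String newPassword) {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
        };
        template.modifyAttributes(relativeDn, mods);
    }

    public static void main(String[] args) {
        // Constructed placeholder values; secrets are read from the environment.
        LdapTemplate template = ldapsTemplate("ldaps://your.ldap.server:636",
                "dc=example,dc=com", "cn=svc-provision,cn=Users,dc=example,dc=com",
                System.getenv("AD_BIND_PASSWORD"));
        setPassword(template, "cn=Jane Doe,cn=Users", System.getenv("NEW_USER_PASSWORD"));
    }
}
```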
This is my first time on StackOverflow; I hope I will get some responses here. I am using Windows Active Directory 2008 to store new users from Java using the spring-ldap API.
My problem is that I am unable to add a user with a password. I read somewhere that in AD, to set a password, I should use the unicodePwd attribute. Source: http://geekswithblogs.net/lance/archive/2005/08/19/LdapAuthenticationASP.aspx

    import java.nio.charset.StandardCharsets;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import org.springframework.ldap.core.DistinguishedName;

    public void insertContact(ContactDTO contactDTO) {
        Attributes personAttributes = new BasicAttributes();
        BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
        personBasicAttribute.add("person");
        personBasicAttribute.add("user");
        personAttributes.put(personBasicAttribute);

        personAttributes.put("givenName", contactDTO.getCommonName());
        personAttributes.put("cn", contactDTO.getCommonName());
        personAttributes.put("sn", contactDTO.getLastName());
        personAttributes.put("description", contactDTO.getDescription());

        personAttributes.put("unicodePwd",
                this.createUnicodePassword(contactDTO.getPassword()));
        personAttributes.put("userPrincipalName", contactDTO.getUserLoginName());
        personAttributes.put("sAMAccountName", contactDTO.getsAMAccountName());
        personAttributes.put("displayname", contactDTO.getDisplayname());
        // personAttributes.put( "pwdLastSet", "0" );
        // personAttributes.put( "LockOutTime", "0" );

        personAttributes.put("userAccountControl", "544");

        BasicAttribute roomAttribute = new BasicAttribute("roomNumber");
        for (String r : contactDTO.getRoomNumber()) {
            roomAttribute.add(r);
        }
        personAttributes.put(roomAttribute);

        // The new entry is bound under cn=<common name>, relative to the template's base DN.
        DistinguishedName newContactDN = new DistinguishedName();
        newContactDN.add("cn", contactDTO.getCommonName());

        ldapTemplate.bind(newContactDN, null, personAttributes);
    }

    public byte[] createUnicodePassword(String password) {
        return toUnicodeBytes(doubleQuoteString(password));
    }

    private byte[] toUnicodeBytes(String str) {
        // AD expects the quoted password as UTF-16LE; getBytes("Unicode") would
        // produce big-endian bytes behind a byte-order mark.
        return str.getBytes(StandardCharsets.UTF_16LE);
    }

    private String doubleQuoteString(String str) {
        StringBuffer sb = new StringBuffer();
        sb.append("\"");
        sb.append(str);
        sb.append("\"");
        return sb.toString();
    }

but it gives me error code 53:
org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0
I do not know how to set the user password in AD. I also read somewhere that to set unicodePwd we need SSL; if this is required, then how can I do it? Is there any alternative to solve this issue? Please help me.