
  • deleting attribute of Active Directory

    Hi All,

    I'm trying to delete a "member" attribute of an Active Directory group with the following code:

    Code:
            DistinguishedName groupDN = getGroupDN(groupName);
            DistinguishedName userDN = getUserDN(userName);
            ModificationItem[] mods = new ModificationItem[1];
            mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", userDN));
            ldapTemplate.modifyAttributes(groupDN, mods);
    And I'm getting the following error:

    =====================================================================================
    net.sf.ldaptemplate.UncategorizedLdapException: Operation failed; nested exception is javax.naming.directory.InvalidAttributeValueException: Malformed 'member' attribute value; remaining name 'cn=HRAccessTest, cn=Users, dc=main, dc=chronossystems, dc=com'
    Caused by: javax.naming.directory.InvalidAttributeValueException: Malformed 'member' attribute value; remaining name 'cn=HRAccessTest, cn=Users, dc=main, dc=chronossystems, dc=com'
    at com.sun.jndi.ldap.LdapClient.encodeAttribute(LdapClient.java:951)
    at com.sun.jndi.ldap.LdapClient.modify(LdapClient.java:920)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1433)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
    2006-07-28 18:46:34,458 ERROR - APPLI9999 Exception class net.sf.ldaptemplate.UncategorizedLdapException: Operation failed; nested exception is javax.naming.directory.InvalidAttributeValueException: Malformed 'member' attribute value; remaining name 'cn=HRAccessTest, cn=Users, dc=main, dc=chronossystems, dc=com'
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
    at net.sf.ldaptemplate.LdapTemplate$9.executeWithContext(LdapTemplate.java:508)
    at net.sf.ldaptemplate.LdapTemplate.executeWithContext(LdapTemplate.java:408)
    at net.sf.ldaptemplate.LdapTemplate.executeReadWrite(LdapTemplate.java:403)
    at net.sf.ldaptemplate.LdapTemplate.modifyAttributes(LdapTemplate.java:505)
    at com.chronossystems.HRAccess.GroupGenerator.LDAP.LdapDAOImpl.deleteUserFromGroup(LdapDAOImpl.java:53)
    at com.chronossystems.HRAccess.GroupGenerator.GroupGenerator.processEmployeesInADGroup(GroupGenerator.java:122)
    at com.chronossystems.HRAccess.GroupGenerator.GroupGenerator.processReport(GroupGenerator.java:95)
    at com.chronossystems.HRAccess.GroupGenerator.GroupGenerator.generate(GroupGenerator.java:41)
    at com.chronossystems.HRAccess.GroupGenerator.GroupGenerator.main(GroupGenerator.java:207)
    =====================================================================================

    The groupDN and userDN objects have been queried successfully and they seem OK. (groupDN = cn=HRAccessTest, cn=Users, dc=main, dc=chronossystems, dc=com, userDN = cn=Istvan Zsamboki, cn=Users, dc=main, dc=chronossystems, dc=com). The given group has a member attribute and its value is the DN of the given user.

    My application context file is the following:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
        "http://www.springframework.org/dtd/spring-beans.dtd">
    <beans>
        <bean id="contextSource" class="net.sf.ldaptemplate.support.LdapContextSource">
            <property name="urls" value="ldap://main.chronossystems.com:389" />
            <property name="base" value="DC=chronossystems,DC=com" />
            <property name="userName" value="CN=Istvan Zsamboki,CN=Users,DC=main,DC=chronossystems,DC=com" />
            <property name="password" value="xxxxxx" />
            <property name="authenticatedReadOnly" value="true" />
            <property name="baseEnvironmentProperties">
                <map>
                    <entry key="java.naming.referral" value="follow" />
                </map>
            </property>
        </bean>
        <bean id="ldapTemplate" class="net.sf.ldaptemplate.LdapTemplate">
            <constructor-arg ref="contextSource" />
        </bean>
        <bean id="ldapDAO" class="com.chronossystems.HRAccess.GroupGenerator.LDAP.LdapDAOImpl">
            <property name="ldapTemplate" ref="ldapTemplate" />
            <property name="base" value="DC=chronossystems,DC=com" />
        </bean>
    </beans>
    What is wrong?

    Thanks in advance,
    zsazsa

  • #2
    You are supplying a DistinguishedName object as the attribute value to the ModificationItem, while the actual attribute values are Strings.

    Try:
    Code:
    mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", userDN.encode()));
    That should work.

    • #3
      Yes, it works, thank you.

      Unfortunately I got the full DN in the groupDN and it did not work this way. I had to remove the baseDN from the end of groupDN before calling modifyAttributes. I hope this is the normal working of the ldapTemplate.

      Regards,
      Istvan

      • #4
        If you have supplied a base DN in the ContextSource configuration, the base should be stripped from all DistinguishedNames in the code (Not the attribute value; that needs to be the full DN). That really has nothing to do with LdapTemplate, it's just plain LDAP.
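
Added example, not part of the thread and not the posters' or the library's code: the two points made in replies #2 and #4, shown with plain JNDI (`javax.naming`) classes instead of the `net.sf.ldaptemplate` ones. The class and method names (`MemberRemoval`, `relativeToBase`, `removeMember`) are illustrative; the DNs are the ones quoted in the thread. It refuses to build a target name for an entry outside the configured base, so a membership removal cannot be aimed at the wrong name.

```java
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;

public class MemberRemoval {

    /** Name to pass to modifyAttributes: the entry DN with the context base stripped. */
    static Name relativeToBase(LdapName fullDn, LdapName base) {
        // JNDI indexes RDNs from right to left, so the base is a "prefix" of the full DN.
        // RDN comparison ignores case, so DC=com matches dc=com.
        if (!fullDn.startsWith(base)) {
            throw new IllegalArgumentException(fullDn + " is not under base " + base);
        }
        return fullDn.getSuffix(base.size());
    }

    /** REMOVE_ATTRIBUTE item whose value is the member's full DN, as a String. */
    static ModificationItem removeMember(LdapName memberFullDn) {
        // The attribute value must be a String; reply #2 attributes the
        // "Malformed 'member' attribute value" error to passing a name object instead.
        return new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute("member", memberFullDn.toString()));
    }

    public static void main(String[] args) throws NamingException {
        // Base as configured on the context source; DNs as quoted in the thread.
        LdapName base = new LdapName("DC=chronossystems,DC=com");
        LdapName group = new LdapName("cn=HRAccessTest,cn=Users,dc=main,dc=chronossystems,dc=com");
        LdapName user = new LdapName("cn=Istvan Zsamboki,cn=Users,dc=main,dc=chronossystems,dc=com");

        Name target = relativeToBase(group, base);          // base stripped
        ModificationItem[] mods = { removeMember(user) };   // full DN kept

        System.out.println("target name : " + target);
        System.out.println("member value: " + mods[0].getAttribute().get());
        // With a live context whose base is set as above:
        //   ctx.modifyAttributes(target, mods);
    }
}
```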