
  • Problem with MS Active Directory

    Hello,
    I'm trying to add a user to a group in an MS AD based LDAP server but I always get the same error:
    Code:
    org.springframework.ldap.EntryNotFoundException: Entry not found; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: NameErr: DSID-031A0F80, problem 2001 (NO_OBJECT), data 0, best match of: remaining name 'cn=EPTST01GLWEB002, ou=Accounts'
    This is my application context (I'm using Spring 2.0 and the latest Spring LDAP jar, 1.1):
    Code:
    <bean id="contextSource" class="org.springframework.ldap.support.LdapContextSource">
          <property name="url" value="ldap://xxx:389" />
          <property name="base" value="DC=extranet,DC=cap" />
          <property name="userName" value="[email protected]" />
          <property name="password" value="Passw0rd" />
          <!--  not sure about this property..
          <property name="baseEnvironmentProperties">
                <map>
                    <entry key="java.naming.referral" value="follow" />
                </map>
            </property>
          -->
       </bean>
    
       <bean id="ldapTemplate" class="org.springframework.ldap.LdapTemplate">
          <constructor-arg ref="contextSource" />
       </bean>
    	
    	<bean id="userDao" class="com.zurich.ep.security.ldap.UserDaoImpl">
          <property name="ldapTemplate" ref="ldapTemplate" />
                
       </bean>
    And finally the Java code:
    Code:
    public void addUserToGroup(String group, String user) {
        DistinguishedName groupDN = getGroupDN(group);
        DistinguishedName userDN = getUserDN(user);
        ModificationItem[] mods = new ModificationItem[1];
        // The encoded user DN is stored as the value of the group's "member" attribute
        mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDN.encode()));
        // The group DN is the target of the modify operation
        ldapTemplate.modifyAttributes(groupDN, mods);
    }

    // Builds cn=<groupName>, ou=Accounts (no base DN)
    private DistinguishedName getGroupDN(String groupName) {
        DistinguishedName dn = new DistinguishedName();
        dn.add("ou", "Accounts");
        dn.add("cn", groupName);
        return dn;
    }

    // Builds cn=<userName>, ou=Accounts (no base DN)
    private DistinguishedName getUserDN(String userName) {
        DistinguishedName dn = new DistinguishedName();
        dn.add("ou", "Accounts");
        dn.add("cn", userName);
        return dn;
    }
    I understand that injecting the base DN for the Context Source should allow me to avoid specifying the base DN every time. Maybe there is something I'm missing with MS AD?

    Thanks
    Luciano

  • #2
    The base DN will not be appended to attribute values, i.e. you need to add it yourself in the getUserDN() method.

    The getGroupDN() should work, however, as this value is used directly as an input to the modifyAttributes method, which will cause the base DN to be automatically appended by the LDAP provider.


    • #3
      Hello Mattias,
      thanks, that worked!
      I have changed the "getUserDN()" method to:
      Code:
      private DistinguishedName getUserDN(String userName) {
        //this.base is the baseDN injected in the dao...
        DistinguishedName dn  = new DistinguishedName(this.base);
        dn.add("ou", "Accounts");
        dn.add("cn",userName);
        return dn;
      }
      Luciano

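The distinction from reply #2, as an added example that is not code from the thread or from Spring LDAP: the operation target may be relative to the base, while the `member` value must be an absolute DN. It uses only the JDK's `javax.naming` classes instead of `DistinguishedName`; the class and helper names are hypothetical and the user name is a constructed sample.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberDnExample {
    // Base DN taken from the contextSource configuration in the first post.
    static final String BASE = "DC=extranet,DC=cap";

    // Relative DN: usable as the target of an operation, because the
    // LDAP provider appends the configured base to operation targets.
    static LdapName relativeDn(String ou, String cn) throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>();
        rdns.add(new Rdn("ou", ou)); // index 0 is the rightmost RDN
        rdns.add(new Rdn("cn", cn)); // Rdn escapes special characters in the value
        return new LdapName(rdns);
    }

    // Absolute DN: needed for DN-valued attribute values such as "member",
    // which are sent to the server as plain data with no base appended.
    static LdapName absoluteDn(String base, LdapName relative) throws InvalidNameException {
        LdapName dn = new LdapName(base);
        dn.addAll(relative.getRdns());
        return dn;
    }

    // Builds the "member" modification, refusing a DN not rooted at the base.
    static ModificationItem addMember(String base, LdapName userDn) throws InvalidNameException {
        if (!userDn.startsWith(new LdapName(base))) {
            throw new IllegalArgumentException("member value must be an absolute DN: " + userDn);
        }
        return new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("member", userDn.toString()));
    }

    public static void main(String[] args) throws Exception {
        LdapName rel = relativeDn("Accounts", "Smith, John"); // constructed sample name
        LdapName abs = absoluteDn(BASE, rel);
        System.out.println("operation target (relative): " + rel);
        System.out.println("member value (absolute):     " + abs);
        System.out.println(addMember(BASE, abs));
        try {
            addMember(BASE, rel); // the relative value used in the first post
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```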