Subject: How to add an active user account to Active Directory
Author: JNDI
Posted on: 10/03/2012 08:24:46 PM
Why does it matter?
Let's first look at the code below:
/**
* Sample JNDI example code to add a user account to SunOne
*/
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class JNDI_Add_User {
public static void main(String[] args)
{
String ldapURL = "ldap://mySunOne.myCompany.com:389";
String bindDn = "cn=Directory Manager";
String bindPwd = "password";
// Set up the environment for creating the initial context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, bindDn);
env.put(Context.SECURITY_CREDENTIALS, bindPwd);
try {
// Create the initial context
DirContext ctx = new InitialDirContext(env);
// Attributes to represent the user
Attributes attrs = new BasicAttributes(true); // case-ignore
// objectClass
Attribute attr = new BasicAttribute("objectClass");
attr.add("top");
attr.add("person");
attr.add("organizationalPerson");
attr.add("inetOrgPerson");
attrs.put(attr);
// MUST attribute
attrs.put("cn", "John Smith");
// MAY attribute
attrs.put("givenName", "John");
attrs.put("sn", "Smith");
attrs.put("userPassword", "password");
// Create the user account
ctx.createSubcontext(
"cn=John Smith,ou=People,dc=example,dc=com",
attrs);
// close
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
}
It's working perfectly for most LDAP compliant directory servers including openLDAP, openDJ and SunOne. The newly added user account can be used to provide authentication service.
Now run the same code (with necessary changes on objectclass and others) to add user into AD (Active Directory).
/**
* Sample JNDI example code to add a user account in Active Directory
*/
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class JNDI_Add_User {
public static void main(String[] args)
{
String ldapURL = "ldap://myAD.myCompany.com:389";
String bindDn = "CN=Administrator,CN=Users,DC=myCompany,DC=com";
String bindPwd = "password";
// Set up the environment for creating the initial context
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,
"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapURL);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, bindDn);
env.put(Context.SECURITY_CREDENTIALS, bindPwd);
try {
// Create the initial context
DirContext ctx = new InitialDirContext(env);
// Attributes to represent the user
Attributes attrs = new BasicAttributes(true); // case-ignore
// objectClass
Attribute attr = new BasicAttribute("objectClass");
attr.add("top");
attr.add("person");
attr.add("organizationalPerson");
attr.add("user");
attrs.put(attr);
// MAY attribute
attrs.put("cn", "John Smith");
attrs.put("givenName", "John");
attrs.put("sn", "Smith");
attrs.put("userPassword", "password");
// Create the user account
ctx.createSubcontext(
"cn=John Smith,CN=Users,DC=myCompany,DC=com",
attrs);
// close
ctx.close();
} catch (NamingException e) {
e.printStackTrace();
}
}
}
The user account is added. But when this account is used for authentication, you will get the error similar like this:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9,
comment: AcceptSecurityContext error, data 52e, v1db1The account is useless! Why?
Replies:
References:
