So, I'm writing code that will create user accounts in AD LDS. I can create the user, but the account is disabled.

I want the user to be active and to be able to change their password. I've tried some of the things suggested in this post, but it hasn't helped me.

Here's my code:

    ctx = getConnection(adminUser, adminPassword);

    // Create attributes for the new user
    Attributes attributes = new BasicAttributes(true);

    // Main attributes for user
    attributes.put("objectClass", "user");
    attributes.put("name", user.getFullName());

    attributes.put("ms-DS-User-Account-Control-Computed",
            Integer.toString(UF_NORMAL_ACCOUNT + UF_PASSWORD_EXPIRED));

    try {
        ctx.createSubcontext(getDistinguishedName(user.getFullName()),
                attributes);
        System.out.println("User successfully added!");
    } catch (NamingException e) {
        e.printStackTrace();
    }

When I run this, I get the following error:

    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D11, comment: Error in attribute conversion operation, data 0, v23f0remaining name 'CN=Samuel King,CN=Users,CN=Agents,DC=CHESA,DC=local'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source)
        at com.ceiwc.ActiveDirectory.createUserAccount(ActiveDirectory.java:114)
        at com.ceiwc.TestAD.main(TestAD.java:24)

If I change the line where I'm updating the ms-DS-User-Account-Control-Computed to:

    attributes.put("ms-DS-User-Account-Control-Computed", UF_NORMAL_ACCOUNT
            + UF_PASSWORD_EXPIRED);

I get the following error:

    javax.naming.directory.InvalidAttributeValueException: Malformed 'ms-DS-User-Account-Control-Computed' attribute value; remaining name 'CN=Samuel King,CN=Users,CN=Agents,DC=CHESA,DC=local'
        at com.sun.jndi.ldap.LdapClient.encodeAttribute(Unknown Source)
        at com.sun.jndi.ldap.LdapClient.add(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source)
        at com.ceiwc.ActiveDirectory.createUserAccount(ActiveDirectory.java:116)
        at com.ceiwc.TestAD.main(TestAD.java:24)

So, what am I doing wrong? Is this the proper way to activate the account? Does someone have any code to help me out?

Thanks!

NuAlphaMan

2 Answers

NuAlphaMan,

I think that the exception has something to do with the fact that you use the CN as the name of the attribute instead of the Ldap-Display-Name, which is msDS-User-Account-Control-Computed. The description can be found here: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677840(v=vs.85).aspx.

As to the second question of how to activate an account, I've found that there is an attribute userAccountControl (http://msdn.microsoft.com/en-us/library/windows/desktop/ms680832(v=vs.85).aspx#win_2008_r2) and the value 0x00000002 (ADS_UF_ACCOUNTDISABLE) that can disable an account. The only thing that crosses my mind is to try to read the value and flip the bit.

Regards, Dmitry

javaeeeee
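
The read-and-flip approach suggested in the answer above, as an added example that is not part of the original answers: it reads userAccountControl over JNDI, clears only the ADS_UF_ACCOUNTDISABLE bit with a bitwise mask (rather than adding or subtracting flag values, which corrupts neighbouring flags), and writes the result back. The class and method names are hypothetical, and it assumes the entry exposes userAccountControl as in the Active Directory 2008 setup mentioned on this page.

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

// Hypothetical helper class; not code from the question or the answers.
public class EnableAccountExample {
    // Flag values from the userAccountControl documentation linked in the answer.
    static final int ADS_UF_ACCOUNTDISABLE = 0x00000002;
    static final int ADS_UF_NORMAL_ACCOUNT = 0x00000200;

    /** Clears only the disable bit; every other flag is preserved. */
    static int clearDisabled(int uac) {
        return uac & ~ADS_UF_ACCOUNTDISABLE;
    }

    /** Reads userAccountControl for dn and writes it back with the disable bit cleared. */
    static boolean enableAccount(DirContext ctx, String dn) throws NamingException {
        Attributes attrs = ctx.getAttributes(dn, new String[] {"userAccountControl"});
        Attribute uacAttr = attrs.get("userAccountControl");
        if (uacAttr == null) {
            throw new NamingException("userAccountControl not present on " + dn);
        }
        // The directory returns the integer as a string value.
        int current = Integer.parseInt(String.valueOf(uacAttr.get()));
        int updated = clearDisabled(current);
        if (updated == current) {
            return false; // already enabled, nothing to write
        }
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userAccountControl", Integer.toString(updated)))
        };
        ctx.modifyAttributes(dn, mods);
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values; no directory connection is made here.
        int disabled = ADS_UF_NORMAL_ACCOUNT | ADS_UF_ACCOUNTDISABLE;
        System.out.println(disabled + " -> " + clearDisabled(disabled));
        System.out.println(ADS_UF_NORMAL_ACCOUNT + " -> " + clearDisabled(ADS_UF_NORMAL_ACCOUNT));
    }
}
```

Pass enableAccount the DirContext returned by your own connection code and the entry's distinguished name; the string-valued replace avoids the "Malformed attribute value" encoding error that JNDI raises for a raw Integer.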

NoSuchAttributeException: "Indicates that the attribute specified in the modify or compare operation does not exist in the entry."

Malformed 'ms-DS-User-Account-Control-Computed' attribute value: means wrong attribute type.

Here is my working example, which I checked with ActiveDirectory 2008:

    public void mapToContext(int userAccountControl, DirContextAdapter context) {
        context.setAttributeValue("userAccountControl", disableAccount(userAccountControl));
    }

    // Sets the ACCOUNTDISABLE bit and returns the value as a string for the LDAP attribute.
    private String disableAccount(int userAccountControl) {
        userAccountControl |= AccountControlFlags.ACCOUNTDISABLE;
        return String.valueOf(userAccountControl);
    }
x0r