This is my first time on StackOverflow; I hope I will get some responses here. I am using Windows Active Directory 2008 to store new users from Java using the spring-ldap API.

My problem is that I am unable to add a user with a password. I read somewhere that in AD, to set a password, I should use the unicodePwd attribute. Source: http://geekswithblogs.net/lance/archive/2005/08/19/LdapAuthenticationASP.aspx

import java.io.UnsupportedEncodingException;

import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

import org.springframework.ldap.NamingException;
import org.springframework.ldap.core.DistinguishedName;

public void insertContact(ContactDTO contactDTO) {
    try {
        Attributes personAttributes = new BasicAttributes();
        BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
        personBasicAttribute.add("person");
        personBasicAttribute.add("user");
        personAttributes.put(personBasicAttribute);

        personAttributes.put("givenName", contactDTO.getCommonName());
        personAttributes.put("cn", contactDTO.getCommonName());
        personAttributes.put("sn", contactDTO.getLastName());
        personAttributes.put("description", contactDTO.getDescription());

        // unicodePwd: the password wrapped in double quotes, as UTF-16 bytes without the BOM
        personAttributes.put("unicodePwd",
            this.createUnicodePassword(contactDTO.getPassword()));
        personAttributes.put("userPrincipalName", contactDTO.getUserLoginName());
        personAttributes.put("sAMAccountName", contactDTO.getsAMAccountName());
        personAttributes.put("displayname", contactDTO.getDisplayname());
        // personAttributes.put("pwdLastSet", "0");
        // personAttributes.put("LockOutTime", "0");

        personAttributes.put("userAccountControl", "544");

        BasicAttribute roomAttribute = new BasicAttribute("roomNumber");
        for (String r : contactDTO.getRoomNumber()) {
            roomAttribute.add(r);
        }
        personAttributes.put(roomAttribute);

        // DN relative to the base configured on ldapTemplate's context source
        DistinguishedName newContactDN = new DistinguishedName();
        newContactDN.add("cn", contactDTO.getCommonName());

        ldapTemplate.bind(newContactDN, null, personAttributes);
    } catch (NamingException e) {
        // Spring LDAP wraps JNDI failures (such as error code 53) in this unchecked exception
        e.printStackTrace();
        throw e;
    }
}

public byte[] createUnicodePassword(String password) {
    return toUnicodeBytes(doubleQuoteString(password));
}

private byte[] toUnicodeBytes(String str) {
    byte[] unicodeBytes = null;
    try {
        // Java's "Unicode" charset prepends a 2-byte byte-order mark; strip it before sending
        byte[] unicodeBytesWithQuotes = str.getBytes("Unicode");
        unicodeBytes = new byte[unicodeBytesWithQuotes.length - 2];
        System.arraycopy(unicodeBytesWithQuotes, 2, unicodeBytes, 0,
            unicodeBytesWithQuotes.length - 2);
    } catch (UnsupportedEncodingException e) {
        // This should never happen.
        e.printStackTrace();
    }
    return unicodeBytes;
}

private String doubleQuoteString(String str) {
    StringBuffer sb = new StringBuffer();
    sb.append("\"");
    sb.append(str);
    sb.append("\"");
    return sb.toString();
}

but it gives me error code 53:

org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0

I do not know how to set a user password in AD. I also read somewhere that to set unicodePwd we need SSL; if this is required, then how can I do it? Is there any alternative to solve this issue? Please help me.

Mat Mannion
  • While testing this, I found that instead of using "Unicode" encoding and stripping of the BOM, you can simply use "UTF-16LE" as the encoding, e.g. ('"' + password + '"').getBytes("UTF-16LE"). – Bill Brasky Sep 13 '13 at 14:56

1 Answer

Yes, the WILL_NOT_PERFORM error is AD telling you that you need to use an SSL connection to set the password.


To make an SSL connection, you need to use a URL that looks like: ldaps://your.ldap.server:636 (note the "ldaps"). If you get a certificate validation error, you'll need to use "keytool" to import the AD server's certificate into your Java keystore, so your Java application recognizes the certificate as valid.

David Gelhar
  • OK David, do you know how I can use SSL with LDAP? Please can you show the complete guide; I have never known about SSL with LDAP. Is there any alternative for that? I just want to set the user password, so is there any Windows service which can solve this issue so that I do not implement the SSL logic? Please tell me. –  Dec 01 '10 at 09:15
  • OK, thanks for your response. Well, I know what the URL and port of SSL with AD are, but I am confused about importing the certificates from the AD server. Sorry, can you tell me the procedure for how I can get these certificates, and how many certificates are required for this process? –  Dec 01 '10 at 13:07
  • That's a topic in itself. Here are some instructions on how you do it with a different application ("Crowd") http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory -- not specific for Spring-LDAP, but the basic principles are the same: obtain the cert from the AD server, import it into Java keystore using `keytool` – David Gelhar Dec 01 '10 at 13:28
  • OK, thanks David, I will follow it and let you know. Please keep in touch; if I have any difficulty I will let you know. –  Dec 01 '10 at 13:35
  • Hello. I have a question regarding generating certificates from AD. I followed your link and also did some googling; I think we need to use a 3rd party to issue these certificates. I just want to set all this up for my test environment. Tell me how I can bypass 3rd-party certificate generation... –  Dec 06 '10 at 07:39
  • http://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html I followed this article to generate the file, but as mentioned, we order a certificate authority to create the SSL certificate for us, and I am totally in a test environment. Please tell me how I generate the certificate to use an SSL connection to create a user with a password. –  Dec 06 '10 at 11:19
  • You have to install Active Directory Certificate Services - step by step can be found at http://gregtechnobabble.blogspot.cz/2012/11/enabling-ldap-ssl-in-windows-2012-part-1.html . – Xdg Jan 03 '16 at 14:17
  • @DavidGelhar Hey, I did make an SSL connection and added the certificate to Java Keystore, still getting error as `javax.naming.CommunicationException: simple bind failed: 192.168.0.5:636 [Root exception is java.net.SocketException: Connection or outbound has closed]`, can you help? – Nirav Madariya Feb 23 '19 at 19:24
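Pulling the answer and Bill Brasky's comment on the question together, as an added example (not the question's or the answer's code): a Spring LDAP context source over ldaps:// with the domain controller's certificate in a Java truststore, and unicodePwd encoded as a double-quoted UTF-16LE string, so the password is never sent in the clear (which is what the WILL_NOT_PERFORM refusal protects against). Host, base DN, bind account, truststore path, the cn=Users container and the attribute values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
public class AdUserWithPassword {
    // AD stores unicodePwd as the password in double quotes, encoded UTF-16LE with no
    // byte-order mark; Java's UTF-16LE charset never writes a BOM, so no bytes need stripping.
    public static byte[] encodeUnicodePwd(String password) {
        byte[] encoded = ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
        // Sanity check: the first code unit is the quote (0x22 0x00), never a BOM (0xFF 0xFE)
        if (encoded[0] != 0x22 || encoded[1] != 0x00) throw new IllegalStateException("bad unicodePwd encoding");
        return encoded;
    }

    // LDAPS context source. Assumes the DC certificate was already imported into the truststore:
    //   keytool -importcert -alias ad-dc -file dc.cer -keystore truststore.jks
    public static LdapContextSource ldapsContextSource(String host, String baseDn, String bindDn,
            String bindPassword, String trustStorePath, String trustStorePassword) throws Exception {
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldaps://" + host + ":636"); // "ldaps": AD refuses unicodePwd on an unencrypted session
        cs.setBase(baseDn);
        cs.setUserDn(bindDn);
        cs.setPassword(bindPassword);
        cs.afterPropertiesSet();
        return cs;
    }

    // Creates the user and sets its password in one add. "cn=Users" (relative to the base DN)
    // is an assumption; userAccountControl 512 = NORMAL_ACCOUNT, i.e. enabled.
    public static void createUser(LdapTemplate ldapTemplate, String cn, String sAMAccountName,
            String userPrincipalName, String password) throws Exception {
        Attributes attrs = new BasicAttributes(true); // ignoreCase: AD attribute names are case-insensitive
        BasicAttribute objectClass = new BasicAttribute("objectClass");
        for (String oc : new String[] {"top", "person", "organizationalPerson", "user"}) { objectClass.add(oc); }
        attrs.put(objectClass);
        attrs.put("cn", cn);
        attrs.put("sAMAccountName", sAMAccountName);
        attrs.put("userPrincipalName", userPrincipalName);
        attrs.put("unicodePwd", encodeUnicodePwd(password));
        attrs.put("userAccountControl", "512");
        LdapName dn = new LdapName("cn=" + Rdn.escapeValue(cn) + ",cn=Users");
        ldapTemplate.bind(dn, null, attrs); // entry and password in a single add, over LDAPS only
    }
}
```

The password still has to satisfy the domain's password policy, otherwise AD answers the add with another WILL_NOT_PERFORM even over LDAPS.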