1

Is anyone using Active Directory Lightweight Directory Services? I need help. I wrote code but am not able to create a user in Active Directory through Java.

First, what I did: I manually created a user in the AD LDS server through the AD Edit window, and I am able to connect to it through the program below.

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    Hashtable<String, String> env = new Hashtable<>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, LDAP_URL);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "CN=testuser,OU=Gulf,DC=serviceProj");
    env.put(Context.SECURITY_CREDENTIALS, "1234567");
    env.put(Context.SECURITY_PROTOCOL, "ssl");    // LDAPS: a simple bind sends the password, so keep it on SSL
    try {
        DirContext ctx = new InitialDirContext(env);   // the bind (login) happens here
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

I created this test user manually in AD LDS. Now I want to create a user using Java. I wrote the code below, but I am getting an error.

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    Hashtable<String, String> env = new Hashtable<>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, LDAP_URL);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    // Admin: the admin user with which I log in to the server machine on which AD LDS is installed;
    // this same user was selected at the time of creation of the instance.
    env.put(Context.SECURITY_PRINCIPAL, "CN=Admin,OU=Gulf,DC=serviceProj");
    env.put(Context.SECURITY_CREDENTIALS, "1234567");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    try {
        DirContext ctx = new InitialDirContext(env);   // bind as Admin; this is the call that throws
        Attributes attrs = new BasicAttributes(true);  // ignoreCase = true: attribute IDs are case-insensitive
        Attribute oc = new BasicAttribute("objectclass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        attrs.put(oc);
        attrs.put(new BasicAttribute("cn", "testuser2"));
        attrs.put(new BasicAttribute("name", "test"));
        ctx.createSubcontext("CN=testuser2,OU=Gulf,DC=serviceProj", attrs);
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

The error I am getting:

[9/18/18 14:16:31:193 GST] 0000024c SystemErr     R javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 2030, v2580

Here I am getting the error on the line `DirContext ctx = new InitialDirContext(env);`, which means I am not able to connect through the admin user. Now I need help: with which user do I need to connect to create the user there? (Admin is the admin user with which I log in to the server machine on which AD LDS is hosted; this same user was selected at the time of creation of the instance.)

What is the issue with my code? Please help me with anything: sample code, a video, anything.

vks
  • According to an answer here https://stackoverflow.com/questions/3788841/authentication-using-ldap-against-adam-using-spring-security, "Error code 2030 means that the DN of the user is invalid". – DanielBarbarian Sep 18 '18 at 10:29
  • Thanks for the response, but they are talking about LDAP, not AD LDS. My current application works on LDAP only and that is working perfectly; now we are moving it to AD LDS but are not getting much help on the internet; not much data is available on AD LDS. – vks Sep 18 '18 at 13:19
  • AD LDS is a Directory Server which supports LDAP. So, using LDAP you should be able to access and modify the data therein. – mvreijn Sep 18 '18 at 18:30
  • @mvreijn I understand, but I am getting an error; please see, I updated the question. – vks Sep 19 '18 at 08:32
  • Please see my updated answer. – mvreijn Sep 19 '18 at 09:19

2 Answers

1

There are two possible reasons for this error that I can think of:

  1. You are trying to create a user with cn=testuser2, but in the DN you enter cn=admin, which is contradictory
  2. Your logged-in user testuser does not have create rights in the OU=Gulf,DC=serviceProj container

Try to create the user with

ctx.createSubcontext("CN=testuser2,OU=Gulf,DC=serviceProj", attrs);

and if that still fails, log in with an administrative user (this is an example):

env.put(Context.SECURITY_PRINCIPAL, "CN=Administrator,OU=Gulf,DC=serviceProj");

EDIT

So the bind (login) using InitialDirContext() fails. Does your Admin user really exist in that context?

env.put(Context.SECURITY_PRINCIPAL, "CN=Admin,OU=Gulf,DC=serviceProj");

In your screenshot, I cannot see that user listed, so I think it is not there. You can only log into AD LDS over LDAP with user accounts that actually exist in the LDS instance, not with an AD account.

If you try to bind with CN=testuser,OU=Gulf,DC=serviceProj with the correct password then the InitialDirContext() call should succeed. If you add this account to the Administrators role in LDS then you should also be able to create the new user.

mvreijn
  • Thanks for your reply. I tried your scenario; here in AD LDS, when we create an instance we select a user that is by default your server machine login. I am using the same user and am still getting the error. I updated my question, please see. – vks Sep 19 '18 at 08:22
  • Thank you so much for the answer. As you mentioned, "If you add this account to the Administrators role in LDS then you should also be able to create the new user." How do I do that? Can you please elaborate? – vks Sep 19 '18 at 10:17
  • I am not an LDS expert by any means, but in ADSI Edit, go to the `cn=Roles` container, find the `cn=Administrators` group and add your user's DN in the `member` attribute. – mvreijn Sep 19 '18 at 13:48
0

On AD LDS instances running on Windows Server 2008+, where local or domain password policy restrictions are in effect, the AD LDS user account is disabled by default.

Before you can enable the user account, you must set a password for it that meets the password policy restrictions that are in effect.

-jim

jwilleke
  • Thanks Jim, yes, I did enable the user and added the password, and I was able to connect as that user from Java; please see the image. All this user creation I did manually. Now I want the same thing through a Java program; I want to create a user there through Java, but I am getting an error. Which user should I use to authenticate for the creation process? – vks Sep 19 '18 at 08:35
  • You must use the Administrator account. Does this help? https://community.oracle.com/thread/2432014 – jwilleke Sep 19 '18 at 13:33
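The two answers together describe the full sequence: bind with an account that exists inside the LDS instance and sits in its Administrators role (mvreijn), then create the user, give it a policy-compliant password and enable it, because LDS creates it disabled (jwilleke). The program below is an added example, not code from the question or either answer. It assumes an LDAPS URL, the role DN `CN=Administrators,CN=Roles,DC=serviceProj` (the partition-level Roles container mvreijn refers to), that the bind password is supplied in the `LDS_BIND_PW` environment variable, and that the new user's password is in `LDS_NEW_USER_PW`; the mapping of error-49 `data` codes other than 2030 comes from the standard Active Directory error-data list, and 2030 (0x2030, ERROR_DS_NO_SUCH_OBJECT) is the "bind DN does not exist" case discussed in the comments. Before creating anything it checks that the bind DN is actually a member of the role, so a missing grant is reported up front rather than as a generic insufficient-access failure.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdLdsUserCreate {

    // Assumed values for illustration; replace with those of your instance.
    static final String LDAP_URL   = "ldaps://lds-host.example.invalid:50636";
    static final String BIND_DN    = "CN=testuser,OU=Gulf,DC=serviceProj";        // must exist INSIDE the LDS instance
    static final String ADMIN_ROLE = "CN=Administrators,CN=Roles,DC=serviceProj"; // assumed DN of the partition's Administrators role
    static final String USERS_OU   = "OU=Gulf,DC=serviceProj";

    /** Simple bind over LDAPS (SECURITY_PROTOCOL "ssl"); a simple bind in clear text would expose the password. */
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        return new InitialDirContext(env);
    }

    /** Map the "data NNN" field of an LDAP error-49 message to a readable cause. */
    static String explainBindFailure(String message) {
        Matcher m = Pattern.compile("data ([0-9a-fA-F]+)").matcher(message == null ? "" : message);
        if (!m.find()) return "bind failed (no data code in message)";
        switch (m.group(1).toLowerCase()) {
            case "2030": return "bind DN does not exist in this LDS instance (0x2030 = ERROR_DS_NO_SUCH_OBJECT)";
            case "525":  return "user not found";
            case "52e":  return "invalid credentials (wrong password)";
            case "533":  return "account disabled";
            default:     return "bind failed, data code " + m.group(1);
        }
    }

    /** Pre-flight check: is userDn listed in the role's member attribute? */
    static boolean isMemberOfRole(DirContext ctx, String roleDn, String userDn) throws NamingException {
        Attribute member = ctx.getAttributes(roleDn, new String[] {"member"}).get("member");
        if (member == null) return false;
        for (int i = 0; i < member.size(); i++) {
            if (userDn.equalsIgnoreCase(String.valueOf(member.get(i)))) return true;
        }
        return false;
    }

    /** unicodePwd expects the UTF-16LE bytes of the password wrapped in double quotes. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Create the user, give it a policy-compliant password, then enable it (LDS creates it disabled). */
    static String createUser(DirContext ctx, String cn, String initialPassword) throws NamingException {
        String userDn = "CN=" + cn + "," + USERS_OU;   // cn is assumed to contain no DN special characters
        Attribute oc = new BasicAttribute("objectClass");
        oc.add("top"); oc.add("person"); oc.add("organizationalPerson"); oc.add("user");
        Attributes attrs = new BasicAttributes(true);
        attrs.put(oc);
        attrs.put(new BasicAttribute("cn", cn));    // "name" is not set here; the server derives it from the RDN
        ctx.createSubcontext(userDn, attrs);

        ctx.modifyAttributes(userDn, new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(initialPassword))) });
        ctx.modifyAttributes(userDn, new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("msDS-UserAccountDisabled", "FALSE")) });
        return userDn;
    }

    public static void main(String[] args) {
        String bindPw = System.getenv("LDS_BIND_PW");      // never hard-code the bind password
        String newPw  = System.getenv("LDS_NEW_USER_PW");
        DirContext ctx = null;
        try {
            ctx = bind(BIND_DN, bindPw);
            if (!isMemberOfRole(ctx, ADMIN_ROLE, BIND_DN)) {
                System.err.println(BIND_DN + " is not a member of " + ADMIN_ROLE + "; user creation would be refused");
                return;
            }
            System.out.println("created " + createUser(ctx, "testuser2", newPw));
        } catch (AuthenticationException e) {
            System.err.println(explainBindFailure(e.getMessage()));
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) {}
        }
    }
}
```

The role-membership grant itself is deliberately left out of the program: adding the bind account to `CN=Administrators` is a one-time administrative change best done once through ADSI Edit, as mvreijn describes, rather than by the provisioning code, which should run with the least rights it needs. The password is set with `unicodePwd` over LDAPS (LDS rejects it on an unencrypted connection) and only after that is `msDS-UserAccountDisabled` flipped to `FALSE`, matching the order jwilleke's answer requires.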