
Assigning user to group upon user creation


Hi,

I've been running this code in order to add a user to our testing
Active Directory:


Code:
--------------------

LDAPConnection lc = new LDAPConnection();
int ldapPort = LDAPConnection.DEFAULT_PORT;
int ldapVersion = LDAPConnection.LDAP_V3;
String ldapHost = "x.x.x.x";
String loginDN = "A@DOMAIN.LOCAL";
String password = "myPass";

try {
    lc.connect(ldapHost, ldapPort);
    lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
} catch (LDAPException e) {
    e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
} catch (UnsupportedEncodingException e) {
    e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
}

LDAPAttributeSet attributeSet = new LDAPAttributeSet();
attributeSet.add(new LDAPAttribute("objectclass", new String("User")));
//attributeSet.add(new LDAPAttribute("cn", new String[]{"James Smith", "Jim Smith", "Jimmy Smith"}));
attributeSet.add(new LDAPAttribute("givenName", new String("JohnAAA")));
attributeSet.add(new LDAPAttribute("name", new String("JohnAAA")));
attributeSet.add(new LDAPAttribute("sn", new String("SmithAAA")));
attributeSet.add(new LDAPAttribute("telephonenumber", new String("1 801 555 1212")));
attributeSet.add(new LDAPAttribute("mail", new String("JSmith@AcmeAAA.com")));
attributeSet.add(new LDAPAttribute("userpassword", new String("newpassword")));
attributeSet.add(new LDAPAttribute("memberof", new String("CN=Administrators,CN=Builtin,DC=Domain,DC=local")));
//attributeSet.add(new LDAPAttribute("userAccountControl", new String("512")));
String dn = "cn=JSmithSAAAAAAA ," + "cn=Users,dc=Domain,dc=LOCAL";

LDAPEntry newEntry = new LDAPEntry(dn, attributeSet);

lc.add(newEntry);

--------------------


I have two things I need to do but can't for some reason:

1. The "memberof" attribute addition returns a "will not perform" error.
I can't understand why, because when I query the group DN I get all its
members. Is there something I'm missing?
2. In order for the user to be enabled, I added
"userAccountControl", but it might not be valid. Is it the right usage?
What should be done in order to enable the user upon creation?

My tree looks something like (domain - Domain.local) --> Builtin
(container) --> (All groups including Administrators)

Thanks in advance,
Ohad



Re: Assigning user to group upon user creation

The memberOf is a "pseudo" attribute within AD.

You MUST add the user and then add them to the group.

You must add the user to the group's "member" attribute and only after
the user exists in AD.
-jim

On 8/3/2010 2:46 AM, ohadbenita wrote:
>
> Hi,
>
> I've been running this code in order to add a user to our testing
> active directory
>
>
> Code:
> --------------------
>
> LDAPConnection lc = new LDAPConnection();
> int ldapPort = LDAPConnection.DEFAULT_PORT;
> int ldapVersion = LDAPConnection.LDAP_V3;
> String ldapHost = "x.x.x.x";
> String loginDN = "A@DOMAIN.LOCAL";
> String password = "myPass";
>
> try {
> lc.connect(ldapHost, ldapPort);
> lc.bind(ldapVersion, loginDN, password.getBytes("UTF8"));
> } catch (LDAPException e) {
> e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
> } catch (UnsupportedEncodingException e) {
> e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
> }
>
> LDAPAttributeSet attributeSet = new LDAPAttributeSet();
> attributeSet.add(new LDAPAttribute("objectclass", new String("User")));
> //attributeSet.add(new LDAPAttribute("cn", new String[]{"James Smith", "Jim Smith", "Jimmy Smith"}));
> attributeSet.add(new LDAPAttribute("givenName", new String("JohnAAA")));
> attributeSet.add(new LDAPAttribute("name", new String("JohnAAA")));
> attributeSet.add(new LDAPAttribute("sn", new String("SmithAAA")));
> attributeSet.add(new LDAPAttribute("telephonenumber", new String("1 801 555 1212")));
> attributeSet.add(new LDAPAttribute("mail", new String("JSmith@AcmeAAA.com")));
> attributeSet.add(new LDAPAttribute("userpassword", new String("newpassword")));
> attributeSet.add(new LDAPAttribute("memberof", new String("CN=Administrators,CN=Builtin,DC=Domain,DC=local")));
> //attributeSet.add(new LDAPAttribute("userAccountControl", new String("512")));
> String dn = "cn=JSmithSAAAAAAA ," + "cn=Users,dc=Domain,dc=LOCAL";
>
> LDAPEntry newEntry = new LDAPEntry(dn, attributeSet);
>
> lc.add(newEntry);
>
> --------------------
>
>
> I have two things I need to do but can't for some reason:
>
> 1. the "memberof" attribute addition returns "will not perform" error,
> I can't understand why, because when I query the group DN I get all its
> members, is there something I'm missing ?
> 2. In order for the user to be enabled, I added the
> "userAccountControl" but it might not be valid, is it the right usage ?
> what should be done in order to enable the user upon creation ?
>
> My tree looks something like (domain - Domain.local) --> Builtin
> (container) --> (All groups including Administrators)
>
> Thanks in advance,
> Ohad
>
>
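
The two-step sequence described in the reply above, as an added example that is not part of the original thread. It uses the same Novell JLDAP classes as the question; the user DN, the sAMAccountName value and the LDAP_BIND_PW environment variable name are placeholders chosen for illustration.

```java
import com.novell.ldap.*;
import java.nio.charset.StandardCharsets;

public class AddUserThenGroup {
    public static void main(String[] args) throws LDAPException {
        // Constructed placeholder values, modelled on the tree in the question.
        String host    = "x.x.x.x";
        String bindDn  = "A@DOMAIN.LOCAL";
        String userDn  = "cn=JSmith,cn=Users,dc=Domain,dc=local";
        String groupDn = "CN=Administrators,CN=Builtin,DC=Domain,DC=local";

        // LDAP_BIND_PW is a hypothetical variable name; it keeps the bind
        // password out of the source file.
        String pw = System.getenv("LDAP_BIND_PW");
        if (pw == null) {
            throw new IllegalStateException("LDAP_BIND_PW is not set");
        }

        LDAPConnection lc = new LDAPConnection();
        try {
            lc.connect(host, LDAPConnection.DEFAULT_PORT);
            lc.bind(LDAPConnection.LDAP_V3, bindDn, pw.getBytes(StandardCharsets.UTF_8));

            // Step 1: create the user entry with no "memberof" attribute.
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            attrs.add(new LDAPAttribute("objectClass", "user"));
            attrs.add(new LDAPAttribute("sAMAccountName", "jsmith"));
            attrs.add(new LDAPAttribute("givenName", "John"));
            attrs.add(new LDAPAttribute("sn", "Smith"));
            lc.add(new LDAPEntry(userDn, attrs));

            // Step 2: now that the user exists, add its DN as a value of the
            // group's "member" attribute (a modify on the group, not the user).
            try {
                lc.modify(groupDn, new LDAPModification(
                        LDAPModification.ADD, new LDAPAttribute("member", userDn)));
            } catch (LDAPException e) {
                // The two operations are not atomic: at this point the user
                // exists but is not in the group, so report it distinctly.
                System.err.println("User created, group add failed (result code "
                        + e.getResultCode() + "): " + e.getLDAPErrorMessage());
                throw e;
            }
        } finally {
            if (lc.isConnected()) {
                lc.disconnect();
            }
        }
    }
}
```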
