5

this is my first time on StackOverflow, I hope I will get some responses here. I am using Windows Active Directory 2008 to store new user from java using the spring-ldap api

My problem is that I am unable to add user with password. I read somewhere that in AD to set a password, I should use the unicodePwd attribute. Source: http://geekswithblogs.net/lance/archive/2005/08/19/LdapAuthenticationASP.aspx

public void insertContact(ContactDTO contactDTO) {
    try{

     Attributes personAttributes = new BasicAttributes();
     BasicAttribute personBasicAttribute = new BasicAttribute("objectclass");
     personBasicAttribute.add("person");
     personBasicAttribute.add("user");
     personAttributes.put(personBasicAttribute);

      personAttributes.put("givenName", contactDTO.getCommonName());
      personAttributes.put("cn", contactDTO.getCommonName());
      personAttributes.put("sn", contactDTO.getLastName());
      personAttributes.put("description", contactDTO.getDescription());

      personAttributes.put("unicodePwd",
          this.createUnicodePassword(contactDTO.getPassword()) );
      personAttributes.put("userPrincipalName", contactDTO.getUserLoginName());
      personAttributes.put("sAMAccountName", contactDTO.getsAMAccountName());
      personAttributes.put("displayname", contactDTO.getDisplayname());
      //  personAttributes.put( "pwdLastSet", "0" );
      //  personAttributes.put( "LockOutTime", "0" );

      personAttributes.put("userAccountControl", "544");

      BasicAttribute roomAttribute = new BasicAttribute("roomNumber");
      for(String r : contactDTO.getRoomNumber())
      {
        roomAttribute.add(r);
      }

      personAttributes.put(roomAttribute);


      DistinguishedName newContactDN = new DistinguishedName();
      newContactDN.add("cn", contactDTO.getCommonName());

      ldapTemplate.bind(newContactDN, null, personAttributes);
    }

public byte[] createUnicodePassword(String password){
    return toUnicodeBytes(doubleQuoteString(password));
}

private byte[] toUnicodeBytes(String str){
    byte[] unicodeBytes = null;
    try{
        byte[] unicodeBytesWithQuotes = str.getBytes("Unicode");
        unicodeBytes = new byte[unicodeBytesWithQuotes.length - 2];
        System.arraycopy(unicodeBytesWithQuotes, 2, unicodeBytes, 0,
            unicodeBytesWithQuotes.length - 2);
    } catch(UnsupportedEncodingException e){
        // This should never happen.
        e.printStackTrace();
    }
    return unicodeBytes;
}

private String doubleQuoteString(String str){
    StringBuffer sb = new StringBuffer();
    sb.append("\"");
    sb.append(str);
    sb.append("\"");
    return sb.toString();
}

but it given me error code 53 

enter code here: org.springframework.ldap.UncategorizedLdapException: Operation failed; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0

i not know how i set user password in AD. i also read some where to set unicodePwd we need SSL if this required than how i can do it. is there any alternative to solve this issue please help me

Improve this question
1
  • While testing this, I found that instead of using "Unicode" encoding and stripping of the BOM, you can simply use "UTF-16LE" as the encoding, e.g. ('"' + password + '"').getBytes("UTF-16LE"). Commented Sep 13, 2013 at 14:56

1 Answer 1

Reset to default
3

Yes, the WILL_NOT_PERFORM error is AD telling you that you need to use an SSL connection to set the password.

To make an SSL connection, you need to use a URL that looks like: ldaps://your.ldap.server:636 (note the "ldaps"). If you get a certificate validation error, you'll need to use "keytool" to import the AD server's certificate into your Java keystore, so your Java application recognizes the certificate as valid.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

ok David can you know how i can use SSL with Ldap please can you show the complete guide i never know about SSL with Ldap.. is there any alternative for that i just want to set the user password so any windows service which can solve this issue and i not implement SSL logic please tell me
ok thanks for your response.. well i know what is the URL and port of SSL with AD but i am confusing to import the certificates from AD server. to be very sorry can you tell me the procedure how i can get these certificates, and how much certificates are requres for this process..
That's a topic in itself. Here are some instructions on how you do it with a different application ("Crowd") confluence.atlassian.com/display/CROWD/… -- not specific for Spring-LDAP, but the basic principles are the same: obtain the cert from the AD server, import it into Java keystore using keytool
ok thanks David i will follow it and let you know please keep in touch if i feel any difficulty i will let you know..
hello. i have a question regarding to generate certificated from AD. i follow your link and also some googling i think we need to use 3rd party to issue these certificate. i just want to setup these all for my test environment tell me how i bypass 3rd party certificate generation...
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.