java active-directory ldap adlds

Create user using Java in Active Directory Lightweight Directory Services


Is anyone using Active Directory Lightweight Directory Services? I need help. I wrote some code but am not able to create a user in Active Directory through Java.

First, I manually created a user in the AD LDS server through the AD Edit window, and I am able to connect as that user with the program below.

    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    // Simple bind over SSL as the user that was created manually in AD LDS
    Hashtable<String, String> env = new Hashtable<>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, LDAP_URL);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "CN=testuser,OU=Gulf,DC=serviceProj");
    env.put(Context.SECURITY_CREDENTIALS, "1234567");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    try {
        DirContext ctx = new InitialDirContext(env);
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

I created this test user manually in AD LDS. Now I want to create a user using Java. I wrote the code below, but I am getting an error.

    import java.util.Hashtable;
    import javax.naming.*;
    import javax.naming.directory.*;

    Hashtable<String, String> env = new Hashtable<>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, LDAP_URL);
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    // Admin - this is an admin user through which I log in to the server machine on which AD LDS is installed;
    // this same user was selected at the time of creation of the instance.
    env.put(Context.SECURITY_PRINCIPAL, "CN=Admin,OU=Gulf,DC=serviceProj");
    env.put(Context.SECURITY_CREDENTIALS, "1234567");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    try {
        // Bind to the AD LDS instance
        DirContext ctx = new InitialDirContext(env);
        // Attributes of the new user entry (attribute names are case-insensitive)
        Attributes attrs = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectclass");
        oc.add("top");
        oc.add("person");
        oc.add("organizationalPerson");
        oc.add("user");
        attrs.put(oc);
        attrs.put(new BasicAttribute("cn", "testuser2"));
        attrs.put(new BasicAttribute("name", "test"));
        // Create the entry under OU=Gulf
        ctx.createSubcontext("CN=testuser2,OU=Gulf,DC=serviceProj", attrs);
        ctx.close();
    } catch (NamingException e) {
        e.printStackTrace();
    }

The error I am getting:

[9/18/18 14:16:31:193 GST] 0000024c SystemErr     R javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 2030, v2580

Here I am getting the error on this line: DirContext ctx = new InitialDirContext(env); which means I am not able to connect through the admin user. Now I need help: which user do I need to connect as to create the user there? //Admin - this is an admin user through which I log in to the server machine on which AD LDS is hosted; this same user was selected at the time of creation of the instance.

What is the issue with my code? Please help me with anything: sample code, video, anything.


Solution

  • There are two possible reasons for this error that I can think of:

    1. You are trying to create a user with cn=testuser2 but in the DN you enter cn=admin which is contradictory
    2. Your logged-in user testuser does not have create rights in the OU=Gulf,DC=serviceProj container

    Try to create the user with

    ctx.createSubcontext("CN=testuser2,OU=Gulf,DC=serviceProj", attrs);
    

    and if that still fails, log in with an administrative user (this is an example):

    env.put(Context.SECURITY_PRINCIPAL, "CN=Administrator,OU=Gulf,DC=serviceProj");
    

    EDIT

    So the bind (login) using InitialDirContext() fails. Does your Admin user really exist in that context:

    env.put(Context.SECURITY_PRINCIPAL, "CN=Admin,OU=Gulf,DC=serviceProj");
    

    In your screenshot, I cannot see that user listed so I think it is not there. You can only log into AD LDS over LDAP with user accounts that actually exist in the LDS instance, not an AD account.

    If you try to bind with CN=testuser,OU=Gulf,DC=serviceProj with the correct password then the InitialDirContext() call should succeed. If you add this account to the Administrators role in LDS then you should also be able to create the new user.
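The bind failure discussed above can be diagnosed from the `data` field of the error 49 message, which AD and AD LDS fill with a hexadecimal Win32 error code. The following is an added example, not code from the question or the answer; the class name `LdsBindErrorDecoder` and the method `decode` are hypothetical, and the second sample message is constructed.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdsBindErrorDecoder {
    // Sub-codes that AD / AD LDS report after "data" in an LDAP error 49 message.
    // The value on the wire is a hexadecimal Win32 error code.
    private static final Map<Integer, String> MEANING = Map.of(
        0x525, "user not found",
        0x52e, "invalid credentials (wrong password)",
        0x530, "logon not permitted at this time",
        0x531, "logon not permitted from this workstation",
        0x532, "password expired",
        0x533, "account disabled",
        0x701, "account expired",
        0x773, "user must reset password",
        0x775, "account locked out",
        0x2030, "no such object: the bind DN does not exist in this instance");

    private static final Pattern DATA =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    // Pass the text of javax.naming.AuthenticationException.getMessage().
    static String decode(String message) {
        if (message == null) {
            return "no message";
        }
        Matcher m = DATA.matcher(message);
        if (!m.find()) {
            return "not an AD-style error 49 message";
        }
        int code = Integer.parseInt(m.group(1), 16);
        return String.format("data %s (Win32 error %d): %s",
            m.group(1), code, MEANING.getOrDefault(code, "unknown sub-code"));
    }

    public static void main(String[] args) {
        // Message text taken from the question's stack trace.
        String fromQuestion = "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09042F, "
            + "comment: AcceptSecurityContext error, data 2030, v2580";
        // Constructed sample: the same message shape with a wrong-password sub-code.
        String constructed = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, "
            + "comment: AcceptSecurityContext error, data 52e, v1db1]";
        System.out.println(decode(fromQuestion));
        System.out.println(decode(constructed));
    }
}
```

Logging the decoded sub-code in the `catch` block separates a bind DN that is missing from the LDS instance from a wrong password or a disabled or locked account, which the generic error 49 alone does not distinguish.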