javaldapadgroup

Unable to create groups using ldap through java. Creating user works


I am trying to create an AD group through my java application. I have succesfully created a user, and now I am trying to create a group. I have the following code:

 public class ProjectActiveDirectoryUserGroupHandling extends ActiveDirectoryUserGroupHandling {

     private static final String DOMAIN_NAME = "DOM01.local";
     private static final String DOMAIN_ROOT = "DC=DOM01,DC=local";
     private static final String DOMAIN_URL  = "ldap://10.123.3.10";
     private static final String ADMIN_NAME  = "DOM01\\AdServiceUser";
     private static final String ADMIN_PASS  = "Password";

     private String              userName, firstName, lastName, password, organisationUnit, groupName, groupOU;
     private LdapContext         context;

     public void newGroup(String groupName, String organisationUnit) {
     this.groupName = groupName;
     this.groupOU = organisationUnit;
     Hashtable<String, String> env = new Hashtable<String, String>();

     env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

     // set security credentials, note using simple cleartext authentication
     env.put(Context.SECURITY_AUTHENTICATION, "simple");
     env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
     env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);

     // connect to my domain controller
     env.put(Context.PROVIDER_URL, DOMAIN_URL);

     try {
       this.context = new InitialLdapContext(env, null);
     } catch (NamingException e) {
       System.err.println("Problem creating object: ");
       e.printStackTrace();
     }
   }

   public boolean addGroup() throws NamingException {

     // Create a container set of attributes
     Attributes container = new BasicAttributes();

     // Create the objectclass to add
     Attribute objClasses = new BasicAttribute("objectClass");
     objClasses.add("top");
     objClasses.add("groupOfUniqueNames");

     // Assign name to the group
     Attribute cn = new BasicAttribute("cn", groupName);
     Attribute groupType = new BasicAttribute("groupType", "2147483650"); // security group
     Attribute desc = new BasicAttribute("description", "testDescription");

     // Add these to the container
     container.put(objClasses);
     container.put(cn);
     container.put(groupType);
     container.put(desc);

     // Create the entry
     try {
       context.createSubcontext(getGroupDN(groupName, groupOU), container);
       return true;
     } catch (Exception e) {
       _log.error(e);
       return false;
     }
   }

When running this, I get the following exception:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-0319088A, problem 5003 (WILL_NOT_PERFORM)

I find that there is not much information about this, so I feel a little lost. Hope someone can help me.


Solution

  • Ldap Error code 53 is fairly broad but hopefully the following may help (taken from here)

    Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:

    • The Add Request violates the server's structure rules.
    • The Modify Request specifies attributes that users cannot modify.
    • Password restrictions prevent the action.
    • Connection restrictions prevent the action.

    As you are attempting to add a group (and have already made a successful connection to create a user) I would suggest it's probably due to the first reason - that the group you are trying to create is probably violating the AD server structure rules.