I am trying to create an AD group through my Java application. I have successfully created a user, and now I am trying to create a group. I have the following code:
    import java.util.Hashtable;

    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.BasicAttributes;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class ProjectActiveDirectoryUserGroupHandling extends ActiveDirectoryUserGroupHandling {
        private static final String DOMAIN_NAME = "DOM01.local";
        private static final String DOMAIN_ROOT = "DC=DOM01,DC=local";
        private static final String DOMAIN_URL = "ldap://10.123.3.10";
        private static final String ADMIN_NAME = "DOM01\\AdServiceUser";
        private static final String ADMIN_PASS = "Password";
        private String userName, firstName, lastName, password, organisationUnit, groupName, groupOU;
        private LdapContext context;

        // _log and getGroupDN(...) are assumed to be inherited from ActiveDirectoryUserGroupHandling (not shown)

        public void newGroup(String groupName, String organisationUnit) {
            this.groupName = groupName;
            this.groupOU = organisationUnit;
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
            env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
            // connect to my domain controller
            env.put(Context.PROVIDER_URL, DOMAIN_URL);
            try {
                this.context = new InitialLdapContext(env, null);
            } catch (NamingException e) {
                System.err.println("Problem creating object: ");
                e.printStackTrace();
            }
        }

        public boolean addGroup() throws NamingException {
            // Create a container set of attributes
            Attributes container = new BasicAttributes();
            // Create the objectclass to add
            Attribute objClasses = new BasicAttribute("objectClass");
            objClasses.add("top");
            objClasses.add("groupOfUniqueNames");
            // Assign name to the group
            Attribute cn = new BasicAttribute("cn", groupName);
            Attribute groupType = new BasicAttribute("groupType", "2147483650"); // security group
            Attribute desc = new BasicAttribute("description", "testDescription");
            // Add these to the container
            container.put(objClasses);
            container.put(cn);
            container.put(groupType);
            container.put(desc);
            // Create the entry
            try {
                context.createSubcontext(getGroupDN(groupName, groupOU), container);
                return true;
            } catch (Exception e) {
                _log.error(e);
                return false;
            }
        }
    }
When running this, I get the following exception:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-0319088A, problem 5003 (WILL_NOT_PERFORM)
I find that there is not much information about this, so I feel a little lost. Hope someone can help me.
Ldap Error code 53 is fairly broad but hopefully the following may help (taken from here)
Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:
- The Add Request violates the server's structure rules.
- The Modify Request specifies attributes that users cannot modify.
- Password restrictions prevent the action.
- Connection restrictions prevent the action.
As you are attempting to add a group (and have already made a successful connection to create a user) I would suggest it's probably due to the first reason - that the group you are trying to create is probably violating the AD server structure rules.
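For comparison, here is an added example (not the questioner's or answerer's code) of an add request that uses the Active Directory schema's own `group` object class and a signed `groupType` value, bound over LDAPS with the password taken from the environment; the host name, service account, OU and group name are placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdGroupCreator {
    // Global security group = ADS_GROUP_TYPE_GLOBAL_GROUP (0x2) | ADS_GROUP_TYPE_SECURITY_ENABLED (0x80000000).
    // groupType is a signed 32-bit integer in AD, so the value is written as -2147483646, not 2147483650.
    static final String GLOBAL_SECURITY_GROUP = "-2147483646";

    // Build the attribute set for an AD group entry (objectClass top/group, not groupOfUniqueNames).
    public static Attributes groupAttributes(String cn, String description) {
        Attributes attrs = new BasicAttributes(true); // attribute names are case-insensitive
        Attribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("group");
        attrs.put(objectClass);
        attrs.put("cn", cn);
        attrs.put("sAMAccountName", cn); // pre-Windows 2000 name; AD generates a random one if omitted
        attrs.put("groupType", GLOBAL_SECURITY_GROUP);
        attrs.put("description", description);
        return attrs;
    }

    public static void createGroup(LdapContext ctx, String groupDn, Attributes attrs) throws NamingException {
        DirContext entry = ctx.createSubcontext(groupDn, attrs);
        entry.close();
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc01.example.test:636"); // placeholder DC; LDAPS keeps the simple bind off the wire in cleartext
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "svc-groupadmin@example.test"); // placeholder service account (UPN form)
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("AD_BIND_PASSWORD")); // read from the environment, never hard-coded
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            createGroup(ctx, "CN=App-Readers,OU=Groups,DC=example,DC=test",
                        groupAttributes("App-Readers", "Read-only access to App"));
        } finally {
            ctx.close();
        }
    }
}
```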