I want to create an account in Active Directory (AD) with the LDAP MuleSoft connector. I can do this without a problem, but it works ONLY when I don't submit the user password (unicodePwd). So the problem is how to use the right format (data, bytes or whatever) in MuleSoft DataWeave for the unicodePwd to create a user in AD with a default password.
When I do this in plain Java 17, this part of the code does the job.
import java.nio.charset.StandardCharsets;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;

public static void createUser(DirContext ctx) throws Exception {
    String userCn = "Piet Jansen";
    String userSam = "piet";
    String userDn = "CN=" + userCn + ",OU=_TEMP_TEST_MuleSoft,DC=corp,DC=example,DC=lan";
    String password = "Welcome123!Testsecret"; // demo value; do not hard-code real passwords
    Attributes attrs = new BasicAttributes(true); // ignoreCase: LDAP attribute names are case-insensitive
    Attribute objClass = new BasicAttribute("objectClass");
    objClass.add("top");
    objClass.add("person");
    objClass.add("organizationalPerson");
    objClass.add("user");
    attrs.put(objClass);
    attrs.put("cn", userCn);
    attrs.put("sAMAccountName", userSam);
    attrs.put("userPrincipalName", "piet.jansen@example.nl");
    attrs.put("displayName", userCn);
    attrs.put("givenName", userSam);
    attrs.put("sn", "Jansen");
    // 🔐 unicodePwd: AD expects the password wrapped in double quotes,
    // encoded as UTF-16LE (no BOM) and sent as raw bytes over LDAPS/TLS
    String quotedPwd = "\"" + password + "\"";
    byte[] pwdBytes = quotedPwd.getBytes(StandardCharsets.UTF_16LE);
    attrs.put("unicodePwd", pwdBytes);
    attrs.put("userAccountControl", "544"); // NORMAL_ACCOUNT (512) + PASSWD_NOTREQD (32)
    ctx.createSubcontext(userDn, attrs);
    System.out.println("User created: " + userDn);
}
The above Java code works once the right LDAP context (ctx) has been created, but that is not the problem. It shows that the job can be done and that the domain controller's SSL side is configured correctly; in Java the trust store for SSL is configured correctly as well.
But I want to use the MuleSoft LDAP(S) connector for this.
When my DataWeave payload for the MuleSoft LDAP connector looks like this, it works: the account is created in AD, but without the default password, as you can see.
{
"cn": "Piet Jansen",
"sAMAccountName": "Piet",
"userPrincipalName": "piet.jansen@example.nl",
"objectClass": ["top", "person", "organizationalPerson", "user"],
"dn": "CN=Piet Jansen,OU=_TEMP_TEST_MuleSoft,DC=corp,DC=example,DC=lan",
"userAccountControl": "544", // NORMAL_ACCOUNT + PASSWD_NOTREQD
"givenName": "Piet",
"sn":"Jansen",
"displayName": "Piet Jansen"
}
But when I add the unicodePwd attribute to the DataWeave payload for the MuleSoft LDAP connector like this, I get an LDAP error.
{
"cn": "Piet Jansen",
"sAMAccountName": "Piet",
"userPrincipalName": "piet.jansen@example.nl",
"objectClass": ["top", "person", "organizationalPerson", "user"],
"dn": "CN=Piet Jansen,OU=_TEMP_TEST_MuleSoft,DC=corp,DC=example,DC=lan",
"unicodePwd": "Welcome123!Testsecret",
"userAccountControl": "544", // NORMAL_ACCOUNT + PASSWD_NOTREQD
"givenName": "Piet",
"sn":"Jansen",
"displayName": "Piet Jansen"
}
Then I get an LDAP error like this:
"OPERATION_NOT_SUPPORTED: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A126C, problem 5003 (WILL_NOT_PERFORM), data 0
I tried several DataWeave configurations for the unicodePwd attribute, like:
//password between double quotes as a String
"unicodePwd": '\"' ++ "Welcome123!Testsecret" ++ '\"'
//some converting to get a binary
"unicodePWD": toBase64(toBinary('\"' ++ "Welcome123!Testsecret" ++ '\"', 'UTF-16LE'))
//some other way with converting
"unicodePwd": '\"' ++ "Welcome123!Testsecret" ++ '\"' as Binary {encoding: "UTF_16LE"}
// I tried a call to a Java function also:
//MuleLdapUtil custom class looks like this:
package nl.example.ldap.utils;

import java.nio.charset.StandardCharsets;

public class MuleLdapUtil {
    // returns the password wrapped in double quotes and encoded as UTF-16LE
    public static byte[] getPW() {
        String quotedPwd = "\"" + "Welcome123!Testsecret" + "\"";
        byte[] pwdBytes = quotedPwd.getBytes(StandardCharsets.UTF_16LE);
        return pwdBytes;
    }
}
//then import the class in DataWeave
import java!nl::example::ldap::utils::MuleLdapUtil
//and use the attribute in the payload.
uniCodePwd: (MuleLdapUtil::getPW())
None of them work, so my question is: what is the correct format of the unicodePwd attribute in the payload for the LDAP connector?
This link (ConvertToByte topic) was the trigger for the final solution.
So what has to happen is that the unicodePwd property has to be converted to a Java byte[] class. In DataWeave it goes like this:
//MuleLdapUtil custom class:
package nl.example.ldap.utils;

import java.nio.charset.StandardCharsets;

public class MuleLdapUtil {
    // returns the given password wrapped in double quotes and encoded as UTF-16LE
    public static byte[] getPW(String pw) {
        String quotedPwd = "\"" + pw + "\"";
        byte[] pwdBytes = quotedPwd.getBytes(StandardCharsets.UTF_16LE);
        return pwdBytes;
    }
}
//then import the class in DataWeave
import java!nl::example::ldap::utils::MuleLdapUtil
//and use the attribute in the payload, converted to the byte[] class !!!
uniCodePwd: (MuleLdapUtil::getPW("Welcome123!Testsecret")) as Binary {class: "byte[]"}
So the conversion to the byte[] class solves the problem.
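Added example, not code from the original post or from the MuleSoft LDAP connector: a stand-alone Python illustration of the byte layout AD accepts in unicodePwd (the same thing the Java helper above produces), of why the text-valued DataWeave attempts in the question do not match that layout, and of what the 544 userAccountControl value actually sets. It uses only the standard library and never opens an LDAP connection; all function and constant names are the editor's own, and the password and user details are the demo values from the question.

```python
# Added example, not code from the original post or from the MuleSoft LDAP
# connector. Pure standard library; it never opens an LDAP connection.
# Function and constant names below are the editor's own.
import base64

# userAccountControl flag bits (published Microsoft values).
UF_ACCOUNTDISABLE = 0x0002
UF_PASSWD_NOTREQD = 0x0020
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000

UAC_NAMES = [
    (UF_ACCOUNTDISABLE, "ACCOUNTDISABLE"),
    (UF_PASSWD_NOTREQD, "PASSWD_NOTREQD"),
    (UF_NORMAL_ACCOUNT, "NORMAL_ACCOUNT"),
    (UF_DONT_EXPIRE_PASSWD, "DONT_EXPIRE_PASSWD"),
]


def encode_unicode_pwd(password: str) -> bytes:
    """Raw bytes AD accepts in unicodePwd: the password wrapped in ASCII
    double quotes, encoded as UTF-16LE, no byte-order mark. This is exactly
    what the Java helper's quotedPwd.getBytes(UTF_16LE) produces."""
    if not password:
        raise ValueError("empty password")
    return f'"{password}"'.encode("utf-16-le")


def decode_unicode_pwd(value: bytes) -> str:
    """Inverse of encode_unicode_pwd, handy for checking a value before it
    is handed to a connector. Raises if the framing is wrong."""
    if len(value) % 2:
        raise ValueError("odd length: not UTF-16LE")
    text = value.decode("utf-16-le")
    if len(text) < 3 or text[0] != '"' or text[-1] != '"':
        raise ValueError("value is not a double-quoted password")
    return text[1:-1]


def is_well_formed_unicode_pwd(value: bytes) -> bool:
    """Structural check without decoding: even length, opens and closes
    with the UTF-16LE encoding of '"' (bytes 0x22 0x00)."""
    return (len(value) % 2 == 0 and len(value) >= 6
            and value[:2] == b'"\x00' and value[-2:] == b'"\x00')


def failed_attempts(password: str) -> dict:
    """What the text-valued DataWeave attempts in the question put on the
    wire. None of them equals encode_unicode_pwd(), which is why the DC
    answers WILL_NOT_PERFORM."""
    quoted = f'"{password}"'
    return {
        "plain_string": password.encode("utf-8"),   # no quotes, 1 byte per char
        "quoted_string": quoted.encode("utf-8"),     # quotes, but still UTF-8
        # toBase64(...) yields base64 *text*; AD wants the raw bytes
        "base64_text": base64.b64encode(quoted.encode("utf-16-le")),
    }


def describe_uac(uac: int) -> list:
    """Names of the flag bits set in a userAccountControl value."""
    return [name for bit, name in UAC_NAMES if uac & bit]


def build_user_attributes(cn, sam, upn, given_name, sn, password,
                          uac=UF_NORMAL_ACCOUNT) -> dict:
    """Attribute set for an AD user add, mirroring the payload in the
    question. unicodePwd is bytes, everything else is text. The default
    is plain NORMAL_ACCOUNT (512): once a password is supplied there is no
    reason to also set PASSWD_NOTREQD, which is what 544 adds."""
    return {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "cn": cn,
        "sAMAccountName": sam,
        "userPrincipalName": upn,
        "givenName": given_name,
        "sn": sn,
        "displayName": cn,
        "unicodePwd": encode_unicode_pwd(password),
        "userAccountControl": str(uac),
    }


if __name__ == "__main__":
    pw = "Welcome123!Testsecret"            # demo value from the question
    good = encode_unicode_pwd(pw)
    print(len(good), good[:8].hex(" "))     # 46 bytes, starting 22 00 57 00 ...
    for name, bad in failed_attempts(pw).items():
        print(f"{name:14s} well-formed={is_well_formed_unicode_pwd(bad)}")
    print(describe_uac(544))                # ['PASSWD_NOTREQD', 'NORMAL_ACCOUNT']
```

Two practical checks fall out of this: the value handed to the connector must be a byte array of even length whose first two bytes are 0x22 0x00, and it must travel over LDAPS (or StartTLS), since AD refuses unicodePwd on a cleartext bind. The 544 used in the question also sets PASSWD_NOTREQD, which exempts the account from the domain password policy; when a password is supplied at creation, 512 is the value to use.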