Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/1073643/

Time: 2020-08-11 23:08:58  Source: igfitidea

Adding LDAP entries using JNDI

Tags: java, ldap, jndi

Asked by Chathuranga Chandrasekara

I am trying to add an entry to an LDAP server using JNDI. I could successfully read the entries from the LDAP server. But when I try to add a new entry I am getting the errors. I checked various ways but I failed.

    private String getUserAttribs(String searchAttribValue) throws NamingException {
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.OBJECT_SCOPE);

        Attributes matchAttrs = new BasicAttributes(true);
        matchAttrs.put(new BasicAttribute("uid", searchAttribValue));
        NamingEnumeration answer = ctx.search("ou=People,ou=ABCLdapRealm,dc=abcdomain", matchAttrs);

        SearchResult item = (SearchResult) answer.next();
        // uid userpassword description objectclass wlsmemberof sn cn
        return item.toString();
    }

This worked correctly.

Then I moved a step forward and tried to add an entry. The code is as follows.

    public static void bindEntry(DirContext dirContext) throws Exception {
        Attributes matchAttrs = new BasicAttributes(true);
        // uid userpassword description objectclass wlsmemberof sn cn
        matchAttrs.put(new BasicAttribute("uid", "defaultuser"));
        matchAttrs.put(new BasicAttribute("userpassword", "password"));
        matchAttrs.put(new BasicAttribute("description", "defaultuser"));
        matchAttrs.put(new BasicAttribute("cn", "defaultuser"));
        matchAttrs.put(new BasicAttribute("sn", "defaultuser"));

        matchAttrs.put(new BasicAttribute("objectclass", "top"));
        matchAttrs.put(new BasicAttribute("objectclass", "person"));
        matchAttrs.put(new BasicAttribute("objectclass", "organizationalPerson"));
        matchAttrs.put(new BasicAttribute("objectclass", "inetorgperson"));
        matchAttrs.put(new BasicAttribute("objectclass", "wlsUser"));
        String name = "uid=defaultuser";
        InitialDirContext iniDirContext = (InitialDirContext) dirContext;
        iniDirContext.bind(name, dirContext, matchAttrs);
    }

But with this I am getting an exception.

Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'uid=defaultuser'

Definitely I am violating something. Any idea on this?

Accepted answer by geoffc

LDAP 53, Unwilling to Perform, usually means what it says. You tried to do something 'illegal' from the LDAP server's perspective.

First guess, unlikely though, are you pointing at eDirectory? If so, adding sn is important as it is mandatory in eDirectory's schema to provide a Surname value at create time. In which case, you would probably get a slightly different error, more like a 608 or 611 error.

Second guess, you are pointing at Active Directory, in which case fullName is a mandatory attribute. But in that case, you also usually get a slightly different result code. Ought to have more in the error. (Though this might be JNDI's return versus the tools I am used to).

Third guess, you are pointing at someone else's LDAP server and you have missed a mandatory attribute in the schema.

In fact, maybe it is an object class issue. Is wlsUser an auxiliary class, or a real class? Is inetorgperson a real (I am blanking on the name for this type of class, there is aux, structural, and something else) class in your directory?

My basic guess is you have missed a mandatory attribute and are violating schema in your target directory, and I hope the possible examples of missing mandatories listed above are helpful.
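
The schema questions raised in this answer can be checked from JNDI itself. The following is an added example, not code from the original post: it reads each object class definition from the server's published schema, reports its kind, and lists the MUST attributes the planned entry lacks. It assumes the JDK's LDAP provider, a server that lets the connecting identity read its schema, and a provider URL passed as the first argument.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class MustAttributeCheck {

    // Copies every value of an attribute (which may be null) into `out`.
    static void copy(Attribute a, Collection<String> out) throws NamingException {
        for (int i = 0; a != null && i < a.size(); i++) out.add(a.get(i).toString());
    }

    /** MUST attributes demanded by the entry's object classes and their superclasses that the entry lacks. */
    static Set<String> missingMust(DirContext ctx, Attributes entry) throws NamingException {
        DirContext schema = ctx.getSchema("");   // root of the server's schema tree
        Deque<String> todo = new ArrayDeque<>();
        Set<String> seen = new HashSet<>(), required = new TreeSet<>(), missing = new TreeSet<>();
        copy(entry.get("objectClass"), todo);
        while (!todo.isEmpty()) {
            String cls = todo.poll();
            if (!seen.add(cls.toLowerCase())) continue;
            Attributes def;
            try {
                def = ((DirContext) schema.lookup("ClassDefinition/" + cls)).getAttributes("");
            } catch (NameNotFoundException e) {
                System.out.println(cls + ": not defined in this directory's schema");
                continue;
            }
            // Structural is the default kind when a definition names none.
            String kind = def.get("ABSTRACT") != null ? "abstract"
                        : def.get("AUXILIARY") != null ? "auxiliary" : "structural";
            System.out.println(cls + " (" + kind + ") " + def.get("MUST"));
            copy(def.get("MUST"), required);
            copy(def.get("SUP"), todo);   // superclasses contribute MUST attributes too
        }
        for (String name : required) if (entry.get(name) == null) missing.add(name);
        return missing;
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);   // assumption: e.g. ldaps://ldap.example.test:636
        DirContext ctx = new InitialDirContext(env);

        Attributes entry = new BasicAttributes(true);   // true = case-insensitive attribute IDs
        Attribute oc = new BasicAttribute("objectClass");
        for (String c : new String[] {"top", "person", "organizationalPerson", "inetOrgPerson"}) oc.add(c);
        entry.put(oc);
        entry.put("cn", "defaultuser");   // constructed sample entry with sn left out on purpose
        System.out.println("missing mandatory attributes: " + missingMust(ctx, entry));
        ctx.close();
    }
}
```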

Answer by Andrew Strong

This is the error you get when trying to set the password in Active Directory over a non-SSL connection. Try your code again without the password line.
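
A client-side guard for the condition this answer describes, as an added example that is not part of the original post: it refuses to send a password attribute unless the context was opened over SSL. The host name, the environment variable names and the check on `unicodePwd` (the attribute Active Directory stores passwords in) are assumptions; the DN reuses the base from the question.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class EncryptedAdd {

    // True only if every provider URL is ldaps:// or the context was opened with SECURITY_PROTOCOL=ssl.
    // A StartTLS upgrade is not visible in the environment, so it is treated as cleartext here.
    static boolean isEncrypted(DirContext ctx) throws NamingException {
        Hashtable<?, ?> env = ctx.getEnvironment();
        if ("ssl".equals(env.get(Context.SECURITY_PROTOCOL))) return true;
        String urls = String.valueOf(env.get(Context.PROVIDER_URL)).trim().toLowerCase();
        return Arrays.stream(urls.split("\\s+")).allMatch(u -> u.startsWith("ldaps://"));
    }

    // Creates the entry, refusing to send a password attribute over a cleartext connection.
    static void addEntry(DirContext ctx, String dn, Attributes attrs) throws NamingException {
        boolean hasPassword = attrs.get("userPassword") != null || attrs.get("unicodePwd") != null;
        if (hasPassword && !isEncrypted(ctx))
            throw new IllegalStateException("refusing to send a password over a non-SSL connection");
        ctx.createSubcontext(dn, attrs).close();
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.test:636");       // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Hypothetical variable names; all three must be set before running.
        env.put(Context.SECURITY_PRINCIPAL, System.getenv("LDAP_BIND_DN"));
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_BIND_PW"));
        DirContext ctx = new InitialDirContext(env);

        Attributes attrs = new BasicAttributes(true);       // case-insensitive attribute IDs
        Attribute oc = new BasicAttribute("objectClass");   // one attribute holding several values
        oc.add("top"); oc.add("person"); oc.add("organizationalPerson"); oc.add("inetOrgPerson");
        attrs.put(oc);
        attrs.put("cn", "defaultuser");
        attrs.put("sn", "defaultuser");
        attrs.put("userPassword", System.getenv("NEW_USER_PW"));
        addEntry(ctx, "uid=defaultuser,ou=People,ou=ABCLdapRealm,dc=abcdomain", attrs);
        ctx.close();
    }
}
```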

Answer by Andrew Strong

Hi, by using the below code I am able to insert a person into LDAP from a JNDI program.

    // ctx is an already-connected DirContext
    Attributes attributes = new BasicAttributes();
    Attribute objectClass = new BasicAttribute("objectClass");
    objectClass.add("inetOrgPerson");
    attributes.put(objectClass);

    Attribute sn = new BasicAttribute("sn");
    Attribute cn = new BasicAttribute("cn");

    sn.add("sahul");
    cn.add("vetcha");

    attributes.put(sn);
    attributes.put(cn);
    attributes.put("title", "software engg");
    ctx.createSubcontext("uid=sahul,ou=some organization7,o=some company7,ou=system", attributes);