
Thread: Problem with MS Active Directory

  1. #1
    Join Date
    Jun 2005
    Posts
    6

    Hello,
    I'm trying to add a user to a group in an MS AD based LDAP server but I always get the same error:
    Code:
    org.springframework.ldap.EntryNotFoundException: Entry not found; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: NameErr: DSID-031A0F80, problem 2001 (NO_OBJECT), data 0, best match of: remaining name 'cn=EPTST01GLWEB002, ou=Accounts'
    This is my application context (I'm using Spring 2.0 and the latest Spring LDAP jar, 1.1):
    Code:
    <bean id="contextSource" class="org.springframework.ldap.support.LdapContextSource">
        <property name="url" value="ldap://xxx:389" />
        <property name="base" value="DC=extranet,DC=cap" />
        <property name="userName" value="testacc@extranet.cap" />
        <property name="password" value="Passw0rd" />
        <!-- not sure about this property..
        <property name="baseEnvironmentProperties">
            <map>
                <entry key="java.naming.referral" value="follow" />
            </map>
        </property>
        -->
    </bean>

    <bean id="ldapTemplate" class="org.springframework.ldap.LdapTemplate">
        <constructor-arg ref="contextSource" />
    </bean>

    <bean id="userDao" class="com.zurich.ep.security.ldap.UserDaoImpl">
        <property name="ldapTemplate" ref="ldapTemplate" />
    </bean>
    And finally the java code:
    Code:
    public void addUserToGroup(String group, String user) {
        DistinguishedName groupDN = getGroupDN(group);
        DistinguishedName userDN = getUserDN(user);
        ModificationItem[] mods = new ModificationItem[1];
        mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDN.encode()));
        ldapTemplate.modifyAttributes(groupDN, mods);
    }

    private DistinguishedName getGroupDN(String groupName) {
        DistinguishedName dn = new DistinguishedName();
        dn.add("ou", "Accounts");
        dn.add("cn", groupName);
        return dn;
    }

    private DistinguishedName getUserDN(String userName) {
        DistinguishedName dn = new DistinguishedName();
        dn.add("ou", "Accounts");
        dn.add("cn", userName);
        return dn;
    }
    I understand that injecting the base DN for the Context Source should allow me to avoid specifying the base DN every time. Maybe there is something I'm missing with MS AD?

    Thanks
    Luciano

  2. #2
    Join Date
    Mar 2005
    Location
    Landskrona, Sweden
    Posts
    505

    The base DN will not be appended to attribute values, i.e. you need to add it yourself in the getUserDN() method.

    The getGroupDN() should work, however, as this value is used directly as an input to the modifyAttributes method, which will cause the base DN to be automatically appended by the LDAP provider.
    Mattias Arthursson
    Jayway AB (www.jayway.se)
    Spring-LDAP project member

  3. #3
    Join Date
    Jun 2005
    Posts
    6

    Hello Mattias,
    thanks, that worked!
    I have changed the "getUserDN()" method to:
    Code:
    private DistinguishedName getUserDN(String userName) {
      //this.base is the baseDN injected in the dao...
      DistinguishedName dn  = new DistinguishedName(this.base);
      dn.add("ou", "Accounts");
      dn.add("cn",userName);
      return dn;
    }
    Luciano
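
The distinction resolved in this thread, as an added example that is not part of any post: a DN used as the target of an operation is relative to the context base, while a DN stored as a `member` attribute value must be absolute. It uses the JDK's `javax.naming.ldap.LdapName` and `Rdn` in place of Spring LDAP's `DistinguishedName` so that it runs without Spring on the classpath; the class name, helper names and the sample user "Smith, John" are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberDnExample {                         // hypothetical class name
    // Base DN from the contextSource bean shown in the thread.
    static final String BASE = "DC=extranet,DC=cap";

    // Relative DN: usable as the target of an operation on a context that
    // already has BASE configured, because the provider resolves it against the base.
    static LdapName relativeDn(String cn) throws InvalidNameException {
        List<Rdn> rdns = new ArrayList<>();
        rdns.add(new Rdn("ou", "Accounts"));           // index 0 is the rightmost RDN
        rdns.add(new Rdn("cn", cn));                   // Rdn escapes the raw value on output
        return new LdapName(rdns);
    }

    // Absolute DN: needed for any DN stored as an attribute value, since the
    // server receives the value as-is and nothing appends the base to it.
    static LdapName absoluteDn(String cn) throws InvalidNameException {
        LdapName dn = new LdapName(BASE);
        dn.addAll(relativeDn(cn).getRdns());           // appended on the left of BASE
        return dn;
    }

    // The modification to apply to the group entry (group addressed by its relative DN).
    static ModificationItem addMember(String userCn) throws InvalidNameException {
        return new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("member", absoluteDn(userCn).toString()));
    }

    public static void main(String[] args) throws Exception {
        String groupCn = "EPTST01GLWEB002";            // name from the error message in post #1
        String userCn = "Smith, John";                 // constructed sample; the comma must be escaped
        System.out.println("operation target: " + relativeDn(groupCn));
        System.out.println("member value    : " + addMember(userCn).getAttribute().get());
        // A member value that does not end with the base would point at a
        // nonexistent entry, so check the suffix before sending the request.
        System.out.println("ends with base  : "
                + absoluteDn(userCn).startsWith(new LdapName(BASE)));
    }
}
```

`LdapName.startsWith` compares from the rightmost RDN, so it tests that the name sits under the base.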
