Using JNDI to add users to a group with ADS
We have been trying to add users to groups using JNDI. Our directory server is Active Directory on Windows 2003.
We were able to create users and groups just fine. However, making these users part of any group is a problem. Here is what the code looks like (inspired by this):
ModificationItem mod[] = new ModificationItem[1];
mod[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
new BasicAttribute("member", "CN=User1,OU=LocationOfUser"));
localcontext.modifyAttributes("CN=Group1,ou=Group,ou=LocationOfTheGroup", mod);
We get this error back:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525:
NameErr: DSID- 031A0F80, problem 2001 (NO_OBJECT), data 0, best match of: ''
We have tried to bind to a subroot (and not give the full DN in the attributes) or binding to the root (and giving the full DN in the attributes).
EDIT: We tried the same code, but with a user in the Users CN (CN=abcd,CN=Users), and it works!!! But how come it won't allow it for users outside of that?
Comments (1)
The error says "NO_OBJECT". Error code 32 is LDAP_NO_SUCH_OBJECT. So the problem is that one of the identifiers is wrong. Can you list the user or group with the specified identifier?
[EDIT] The error message says
best match of: ''
which means it can't match any part of the path (the DN), not even the first element. I guess you must use the full path in your case (starting from the root) instead of an RDN. I have no explanation why you can find the objects with direct queries, though. There must be something different but unless you post all the code, that's about as much as I can help.
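The answer's two suggestions (use full DNs starting from the root, and check that each identifier can be listed) sketched as an added example; this is not code from the question or the answer. It assumes a hypothetical base DN `DC=example,DC=com` and a context bound to the server root with no base DN in the provider URL; `fullDn` and `addMember` are illustrative names.

```java
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;

public class AddMemberExample {
    // Assumed base DN, for illustration only; use the directory's real root.
    static final String BASE_DN = "DC=example,DC=com";

    /** Appends a relative DN to the base DN, giving a full DN from the root. */
    static LdapName fullDn(String relativeDn, String baseDn) throws InvalidNameException {
        LdapName name = new LdapName(baseDn);
        // getRdns() is ordered root-first, so addAll() places the relative
        // components at the most specific (leftmost when printed) end.
        name.addAll(new LdapName(relativeDn).getRdns());
        return name;
    }

    /**
     * Adds userDn to the group's "member" attribute. The attribute value is sent
     * to the server as written, so it has to be a full DN even when the context
     * resolves entry names relative to a base.
     */
    static void addMember(DirContext ctx, LdapName groupDn, LdapName userDn)
            throws NamingException {
        // Read both entries first: if either DN is wrong, the NameNotFoundException
        // (LDAP error code 32) is raised here and identifies which one.
        ctx.getAttributes(groupDn, new String[] {"distinguishedName"});
        ctx.getAttributes(userDn, new String[] {"distinguishedName"});

        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                new BasicAttribute("member", userDn.toString()))
        };
        ctx.modifyAttributes(groupDn, mods);
    }

    public static void main(String[] args) throws NamingException {
        // Relative DNs taken from the question, completed with the assumed base DN.
        LdapName group = fullDn("CN=Group1,ou=Group,ou=LocationOfTheGroup", BASE_DN);
        LdapName user = fullDn("CN=User1,OU=LocationOfUser", BASE_DN);
        System.out.println("modify target: " + group);
        System.out.println("member value:  " + user);
        // With a live connection: addMember(new InitialDirContext(env), group, user);
    }
}
```

If the provider URL already carries a base DN, pass names relative to that base to `getAttributes` and `modifyAttributes`, and keep only the `member` value as a full DN.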