How to enable a user in AD through LDAP?

Posted on 2024-11-30 22:51:51

In my program (jldap-based) I am trying to enable a user in AD by setting the userAccountControl value to 512.
The user is created with the following attributes:

objectClass=user
cn=username
name=username
userAccountControl=512
userPassword={BASE64}<base64 encoded password>
sAMAccountName=username
distinguishedName=username,CN=Users,DC=company,DC=com

But I get an exception:

LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

Maybe somebody can tell me where I'm making an error? Maybe I forgot some required attribute?

EDIT:

My code (it is trivial and I think there are no errors in it):

LDAPConnection connection;
LDAPMessageQueue messageQueue;
...
LDAPAttributeSet attributes = new LDAPAttributeSet();
attributes.add(new LDAPAttribute("objectClass", "user"));
attributes.add(new LDAPAttribute("cn", "username"));
attributes.add(new LDAPAttribute("name", "username"));
attributes.add(new LDAPAttribute("userAccountControl", "512"));
attributes.add(new LDAPAttribute("userPassword", "{BASE64}<base64 encoded password>"));
attributes.add(new LDAPAttribute("sAMAccountName", "username"));
attributes.add(new LDAPAttribute("distinguishedName", "username,CN=Users,DC=company,DC=com"));

LDAPEntry entry = new LDAPEntry("CN=username,CN=Users,DC=company,DC=com", attributes);
connection.add(entry);

Comments (1)

薄荷梦 2024-12-07 22:51:51

This error can arise when the password is not correctly encoded. Make sure it's a Base64 encoded UTF-16LE string.

Example (if you are using the Oracle JVM):

String pass = "password";
sun.misc.BASE64Encoder enc = new sun.misc.BASE64Encoder();
String encoded = enc.encode(pass.getBytes("UTF-16LE"));

UPDATE 1:
Have you tried running your code without the userAccountControl attribute (to rule in or out that it's actually that attribute that is causing problems)?

I noticed that your distinguished name attribute looks a bit strange, as well. It should probably look something like CN=username,OU=Users,DC=company,DC=com.

UPDATE 2: see Adding a user with a password in Active Directory LDAP. WILL_NOT_PERFORM can be returned if you are trying to set a password for an entry (which you are, since you're creating it) over a non-SSL connection. You need to make sure you are connecting to the AD server over SSL (and set up certificates as required).
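
Added example, not part of the answer above and not jldap's own code: a JDK-only helper that reads the Win32 code at the start of the server message from the question, names the userAccountControl flags, and builds the password value in the form AD accepts. The unicodePwd attribute name, the surrounding double quotes and the flag values are taken from Microsoft's documented AD behaviour rather than from this thread; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdUserPreflight { // hypothetical helper class
    // userAccountControl bits relevant to this thread (values from Microsoft's documentation).
    static final int ACCOUNTDISABLE = 0x2, PASSWD_NOTREQD = 0x20, NORMAL_ACCOUNT = 0x200;

    // AD's unicodePwd attribute takes the password wrapped in double quotes, as raw UTF-16LE bytes.
    static byte[] unicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Name the flags set in a userAccountControl value, e.g. 512 -> [NORMAL_ACCOUNT].
    static List<String> uacFlags(int uac) {
        List<String> flags = new ArrayList<>();
        if ((uac & ACCOUNTDISABLE) != 0) flags.add("ACCOUNTDISABLE");
        if ((uac & PASSWD_NOTREQD) != 0) flags.add("PASSWD_NOTREQD");
        if ((uac & NORMAL_ACCOUNT) != 0) flags.add("NORMAL_ACCOUNT");
        return flags;
    }

    // The server message starts with a Win32 error code in hex; return it, or -1 if absent.
    static int win32Code(String serverMessage) {
        Matcher m = Pattern.compile("^([0-9A-Fa-f]{8}):").matcher(serverMessage);
        return m.find() ? Integer.parseUnsignedInt(m.group(1), 16) : -1;
    }

    public static void main(String[] args) {
        // Server message copied from the question.
        String msg = "0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0";
        int code = win32Code(msg);
        // 1325 (0x52D) is ERROR_PASSWORD_RESTRICTION: the password does not meet
        // the domain's length, complexity or history requirements.
        System.out.println("Win32 error " + code + (code == 1325 ? " = ERROR_PASSWORD_RESTRICTION" : ""));
        System.out.println("512 -> " + uacFlags(512) + ", 514 -> " + uacFlags(514));

        byte[] pwd = unicodePwd("password"); // constructed sample value, same string as in the answer
        // Pass the byte[] to jldap's LDAPAttribute(String, byte[]) over SSL; Base64 is only for LDIF.
        System.out.println("unicodePwd bytes: " + pwd.length);
        System.out.println("LDIF: unicodePwd:: " + Base64.getEncoder().encodeToString(pwd));
    }
}
```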
