Adding an LDAP entry using JNDI

2022-01-17 00:00:00 ldap java jndi

I am trying to add an entry to an LDAP server using JNDI. I could successfully read the entries from the LDAP server. But when I try to add a new entry I am getting the errors. I checked various ways but I failed.

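    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.*;

    private String getUserAttribs(String searchAttribValue) throws NamingException {
        // Not passed to the search() overload used below, so it has no effect
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.OBJECT_SCOPE);

        // Match entries whose uid equals the given value
        Attributes matchAttrs = new BasicAttributes(true);
        matchAttrs.put(new BasicAttribute("uid", searchAttribValue));
        NamingEnumeration<SearchResult> answer =
                ctx.search("ou=People,ou=ABCLdapRealm,dc=abcdomain", matchAttrs);
        try {
            if (!answer.hasMore()) {
                return null; // no entry matched
            }
            SearchResult item = answer.next();
            // uid userpassword description objectclass wlsmemberof sn cn
            return item.toString();
        } finally {
            answer.close();
        }
    }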

This works fine.

Then I moved a step forward and tried to add an entry. The code is as follows.

    public static void bindEntry(DirContext dirContext) throws Exception {
        Attributes matchAttrs = new BasicAttributes(true);
        // uid userpassword description objectclass wlsmemberof sn cn
        matchAttrs.put(new BasicAttribute("uid", "defaultuser"));
        matchAttrs.put(new BasicAttribute("userpassword", "password"));
        matchAttrs.put(new BasicAttribute("description", "defaultuser"));
        matchAttrs.put(new BasicAttribute("cn", "defaultuser"));
        matchAttrs.put(new BasicAttribute("sn", "defaultuser"));

        matchAttrs.put(new BasicAttribute("objectclass", "top"));
        matchAttrs.put(new BasicAttribute("objectclass", "person"));
        matchAttrs.put(new BasicAttribute("objectclass", "organizationalPerson"));
        matchAttrs.put(new BasicAttribute("objectclass", "inetorgperson"));
        matchAttrs.put(new BasicAttribute("objectclass", "wlsUser"));
        String name = "uid=defaultuser";
        InitialDirContext iniDirContext = (InitialDirContext) dirContext;
        iniDirContext.bind(name, dirContext, matchAttrs);
    }

But with this I am getting an exception.

Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'uid=defaultuser'

Definitely I am violating something. Any idea on this?

Recommended answer

LDAP 53, Unwilling to Perform, usually means what it says. You tried to do something 'illegal' from the LDAP server's perspective.

First guess, unlikely though, are you pointing at eDirectory? If so, adding sn is important as it is mandatory in eDirectory's schema to provide a Surname value at create time. In which case, you would probably get a slightly different error, more like a 608 or 611 error.

Second guess, you are pointing at Active Directory, in which case fullName is a mandatory attribute. But in that case, you also usually get a slightly different result code. Ought to have more in the error. (Though this might be JNDI's return versus the tools I am used to).

Third guess, you are pointing at someone else's LDAP server and you have missed a mandatory attribute in the schema.

In fact, maybe it is an object class issue. Is wlsUser an auxiliary class, or a real class? Is inetorgperson a real (I am blanking on the name for this type of class, there is aux, structural, and something else) class in your directory?

My basic guess is you have missed a mandatory attribute and are violating schema in your target directory, and I hope the possible examples of missing mandatories listed above are helpful.
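
Following up on the answer's object-class guess, this added example (not code from the question or the answer) shows that each `put()` of an `objectclass` attribute replaces the previous one, so the posted code sends only `wlsUser`, and contrasts it with a single multi-valued attribute passed to `createSubcontext`. The class name, method names and the `parentDn` parameter are assumptions made for illustration; whether the server accepts the entry still depends on its schema.

```java
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

public class AddEntryExample {
    static final String[] CLASSES =
            {"top", "person", "organizationalPerson", "inetorgperson", "wlsUser"};

    // As in the question: one put() per object class. Attributes.put() replaces
    // an existing attribute with the same ID, so only the last value survives.
    static Attributes objectClassesAsPosted() {
        Attributes attrs = new BasicAttributes(true); // true = ignore case of IDs
        for (String oc : CLASSES) {
            attrs.put(new BasicAttribute("objectclass", oc));
        }
        return attrs;
    }

    // One multi-valued objectclass attribute that carries every class.
    static Attributes newUserAttributes(String uid, String password) {
        Attributes attrs = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectclass");
        for (String c : CLASSES) {
            oc.add(c);
        }
        attrs.put(oc);
        attrs.put("uid", uid);
        attrs.put("cn", uid);
        attrs.put("sn", uid);
        attrs.put("description", uid);
        attrs.put("userpassword", password);
        return attrs;
    }

    // Creates the entry from attributes only. parentDn (assumed) is the container,
    // relative to the context's base; the uid is escaped before it enters the DN.
    static void addUser(DirContext ctx, String parentDn, String uid, String password)
            throws NamingException {
        String dn = "uid=" + Rdn.escapeValue(uid) + "," + parentDn;
        ctx.createSubcontext(dn, newUserAttributes(uid, password)).close();
    }

    public static void main(String[] args) {
        // Runs offline: compares how many objectclass values each set would send.
        System.out.println("as posted:    "
                + objectClassesAsPosted().get("objectclass").size());
        System.out.println("multi-valued: "
                + newUserAttributes("defaultuser", "placeholder").get("objectclass").size());
    }
}
```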
