Results 1 to 5 of 5
  1. #1
    Join Date
    Jun 2006
    Posts
    4

    Unanswered: User Creation On Ms-ADAM

    Hi,
    I have a java code that creates users on ms-active directory application mode. After the user is created setting userAccountControl is giving the error. I read online that ms-adam does not support userAccountControl and instead uses msDS-UserPasswordExpired with value as 65536. But, I am not sure how to put this in. I tried replacing useraccountcontrol with this but this also errored out.

    Helping souls please reply.

    Regards,
    Sree Nagesh Uppuluri.
    can mail to sreenagesh_2k@yahoo.com

  2. #2
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Yes, according to MSDN you are correct. ms-DS-User-Password-Expired replaces AD's ADS_USER_FLAG_ENUM value for User-Account-Control.

    My first guess is that you are using the CN instead of the LDAP name, or possibly vice-versa. Java code normally prefers the LDAP name while native (Microsoft) code normally prefers the CN.

    -PatP

  3. #3
    Join Date
    Jun 2006
    Posts
    4

    User Creation On Ms-ADAM

    SOS
    It has been quite a no. of days - I got struck as how to use userAccountControl on MS-ADAM in Java code. Can any body help plz.
    Specifically, I need help to set the userAccountControl attribute on MS-ADAM via java code for user creation.
    Help is greatly appreciated and thanked.

    Regards,
    Sree Nagesh Uppuluri.

  4. #4
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Without knowing which flavor of Java you are using (different implementations work differently, and there are many Java implementations that run on Microsoft Windows), exactly what you are trying to do (at the source code level), and ten thousand other details, I can't be much help. While it is relatively easy to develop using Java, it is practically impossible to provide support because there are so many variable factors from one installation to another!

    If your Java implementation has a vendor (such as Sun Microsystems), the first thing you should do is check their documentation. Some vendors dislike one another (like Sun and Microsoft), so this isn't always much help. The next best bet would be to find a forum or newsgroup focused on your particular Java implementation running on your particular platform. These are really your two best hopes for finding help with a problem like this.

    -PatP

  5. #5
    Join Date
    Jun 2006
    Posts
    4

    User Creation On Ms-ADAM

    First of all thanx alot for the kind of support you have been giving. Sparing your valuable time is really worth thanking. Here is the peace of code I use to create users.
    Just for a breaf idea: my code is able to create users and do all the other manipulations on MS-AD. But, problem comes when I connect to MS-ADAM. During the user creation - the user gets created on LDAP but then returns error. The datasource.xml used to have user accountcontrol value as:
    <property-mapping property-id="vgn.userAccountControl" data-field-name="userAccountControl" default-value="66048" />
    This I changed to :
    <property-mapping property-id="vgn.userAccountControl" data-field-name="msDS-UserPasswordExpired" default-value="65536" />
    But still I have the problem.

    Regarding the configuration: I am working on
    OS : windows 2000 prof.
    JAVA : j2sdk1.4.2
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-b28)
    Java HotSpot(TM) Client VM (build 1.4.2-b28, mixed mode)
    LDAP : Microsoft - Active Directory Appl. Mode
    Here is the code

    private void LDAPCreate(String UID, String dn, BasicAttributes attributes)
    throws EntityPersistenceException, UniquePropertyValueConflictException {
    boolean isBadContext = false;
    DirContext wcontext = null;
    try {
    wcontext = getWriteContext();

    boolean foundUserAccountControl = false;
    Attribute userAccountControlAttribute = attributes.get(ATTRIBUTE_USER_ACCOUNT_CONTROL);
    if (userAccountControlAttribute != null) {
    // Microsoft AD 2003 won't allow to create accounts with "userAccountControl" already set
    // so remove it from the create
    attributes.remove(ATTRIBUTE_USER_ACCOUNT_CONTROL);
    foundUserAccountControl = true;
    }

    ------> JNDIUtils.createSubcontext(wcontext, dn, attributes);

    if (foundUserAccountControl) {
    BasicAttributes attrs = new BasicAttributes();
    attrs.put(userAccountControlAttribute);
    ModificationItem[] mods = new ModificationItem[1];
    mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, userAccountControlAttribute);
    // Microsoft AD 2003 won't allow to create accounts with "userAccountControl" already set
    // so add it after the create
    try {
    JNDIUtils.modifyAttributes(wcontext, dn, mods);
    } catch (Exception e) {
    e.printStackTrace();
    } finally {
    if (wcontext != null) {
    if (!isBadContext) {
    closeWriteContext(wcontext);
    } else {
    closeBadWriteContext(wcontext);
    }
    }
    }
    }

    --------------------------------------------------------------------------
    public static DirContext createSubcontext(DirContext context, String name, Attributes attrs) throws NamingException {
    DirContext retContext = null;
    long start = 0;
    long elapsed = 0;
    ====> retContext = context.createSubcontext(name, attrs);
    return retContext;
    }
    --------------------------------------------------------------------------
    ------> calls createSubcontext() method that gives the eror.
    ====>creates the user but returns an error as
    2006-06-08 18:20:50,490 [http9173-Processor25] ERROR CreateAction.createUser: an error occured while creating new user profile.
    EntityPersistenceException: An error occured while storing, retrieving, or querying an entity or entity relationship from the entity persistence store.
    Addition message included: LDAPDataSource.LDAPCreate(): error occurred when creating cn=user1 user1,ou=people,ou=vap73nagesh, [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090A04, comment: Error in attribute conversion operation, data 0, vece]


    Regards,
    Sree Nagesh Uppuluri.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •