Java – will occurs when trying to enable users via LDAP_ NOT_ Perform error
I am trying to create a new active directory user through LDAP, but the user was disabled at the time of creation I tried to set the useraccountcontrol property to 512, but I received the error will_ NOT_ PERFORM. I read this because the password is not set, but I don't understand why Setting the userpassword property to create a user works normally
This is the code:
// Create a container set of attributes Attributes container = new BasicAttributes(); // Assign the properties we need to set on the user container.put(new BasicAttribute("objectClass","user")); container.put(new BasicAttribute("cn",userName)); container.put(new BasicAttribute("sAMAccountName",userName)); container.put(new BasicAttribute("name",userName)); container.put(new BasicAttribute("givenName",userName)); container.put(new BasicAttribute("userPassword",password)); String fullDomainName = getFullUserName(userName); // Create the entry try{ context.createSubcontext(fullDomainName,container); }catch(Exception e){ System.err.println("Error creating user: " ); e.printStackTrace(); throw e; } ModificationItem[] userMods = new ModificationItem[1]; userMods[0] = new ModificationItem(InitialLdapContext.REPLACE_ATTRIBUTE,new BasicAttribute("userAccountControl","512")); try{ context.modifyAttributes(fullDomainName,userMods); }catch(Exception e){ System.err.println("Could not update userAccountControl flag"); e.printStackTrace(); throw e; }
The first part of creating a user works, and the second part of my attempt to set the useraccountcontrol flag fails Any help would be appreciated thank you!
Solution
I found a problem... I have to use the Unicode PWD attribute and make sure it is encoded correctly:
final byte[] quotedPasswordBytes = ('"'+password+'"').getBytes("UTF-16LE"); container.put(new BasicAttribute("unicodePwd",quotedPasswordBytes));
I found the answer here:
How do I resolve “WILL_NOT_PERFORM” MS AD reply when trying to change password in scala w/ the unboundid LDAP SDK?
http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html