Re: adding user programmatically

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Derek Alexander wrote:

Hi,

Am switching over from OpenLDAP to Fedora DS.

The Java code that was creating user entries in OpenLDAP isn't working with
Fedora DS and I thought perhaps the reason would be obvious to someone out there.

This is what was working with OpenLDAP:

            dirContext = new InitialDirContext(anonymousEnv);

            // need to be administrator to do this
            dirContext.addToEnvironment(Context.SECURITY_PRINCIPAL, ADMIN_DN);
            dirContext.addToEnvironment(Context.SECURITY_CREDENTIALS,ADMIN_PWD);

            // ref: RFC 2798
            // the inetOrgPerson represents people who are associated with an organization in some way.
            // mandatory attributes for inetOrgPerson are: cn, objectClass, sn

            Attribute ocAttr = new BasicAttribute("objectClass", "top");
            ocAttr.add("person");
            ocAttr.add("organizationalPerson");
            ocAttr.add("inetOrgPerson");

            // create the attribute set
            Attributes attrs = new BasicAttributes(true); // as LDAP attribute names are case-insensitive
            attrs.put(ocAttr);
            attrs.put("cn", username);
            attrs.put("sn", username); // not relevant but mandatory and can't put "" in there
            attrs.put("userPassword", password);
            attrs.put("uid", uid);

            // create entry in directory
            logger.debug("About to create subcontext: "+dn);
            accountContext = dirContext.createSubcontext(dn, attrs);

Error I'm getting with Fedora DS at the last line of that code is:

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
That usually means the password is not correct. What do the Fedora DS access and error logs say? 

Have tried with ldapadd from the command line to create a user entry with all the same values and
that works ok, so I'm a bit puzzled why the code doesn't work here.

If anyone has any ideas, would appreciate them.

Thanks,
Derek

Please access the attached hyperlink for an important electronic communications disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux