Adding LDAP entries using JNDI

Question

I am trying to add an entry to an LDAP server using JNDI. I could successfully read the entries from the LDAP server. But when I try to add a new entry I am getting the errors. I checked various ways but I failed.

    private String getUserAttribs (String searchAttribValue) throws NamingException{
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(SearchControls.OBJECT_SCOPE);

    Attributes matchAttrs = new BasicAttributes(true);
    matchAttrs.put(new BasicAttribute("uid", searchAttribValue));
    NamingEnumeration answer = ctx.search("ou=People,ou=ABCLdapRealm,dc=abcdomain",matchAttrs);

    SearchResult item =(SearchResult) answer.next();
    // uid userpassword description objectclass wlsmemberof sn cn
    return item.toString();
}

This worked correctly.

Then I moved a step forward and tried to add an entry. The code is as follows.

    public static void bindEntry(DirContext dirContext)throws Exception{
    Attributes matchAttrs = new BasicAttributes(true);
    // uid userpassword description objectclass wlsmemberof sn cn
    matchAttrs.put(new BasicAttribute("uid", "defaultuser"));
    matchAttrs.put(new BasicAttribute("userpassword", "password"));
    matchAttrs.put(new BasicAttribute("description", "defaultuser"));
    matchAttrs.put(new BasicAttribute("cn", "defaultuser"));
    matchAttrs.put(new BasicAttribute("sn", "defaultuser"));

    matchAttrs.put(new BasicAttribute("objectclass", "top"));
    matchAttrs.put(new BasicAttribute("objectclass", "person"));
    matchAttrs.put(new BasicAttribute("objectclass", "organizationalPerson"));
    matchAttrs.put(new BasicAttribute("objectclass","inetorgperson"));
    matchAttrs.put(new BasicAttribute("objectclass", "wlsUser"));
    String name="uid=defaultuser";
    InitialDirContext iniDirContext = (InitialDirContext)dirContext;
    iniDirContext.bind(name,dirContext,matchAttrs);
}

But with this I am getting an exception.

Exception in thread "main" javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; remaining name 'uid=defaultuser'

Definitely I am violating something. Any idea on this?

Answer 1

LDAP 53, Unwilling to Perform, usually means what it says. You tried to do something 'illegal' from the LDAP servers perspective.

First guess, unlikely though, are you pointing at eDirectory? If so, adding sn is important as it is mandatory in eDirectory's schema to provide a Surname value at create time. In which case, you would probably get a slightly different error, more like a 608 or 611 error.

Second guess, you are point at Active Directory, in which case fullName is a mandatory attribute. But in that case, you also usually get a slightlty different result code. Ought to have more in the error. (Though this might be JNDI's return versus the tools I am used too).

Third guess, you are pointing at someone elses LDAP server and you have missed a mandatory attribute in the schema.

In fact, maybe it is an object class issue. Is wlsUser an auxiliary class, or a real class? Is inetorgperson a real (I am blanking on the name for this type of class, there is aux, structural, and something else) class in your directory?

My basic guess is you have missed a mandatory attribute and are violating schema in your target directory, and I hope the possible examples of missing mandatory's listed above is helpful.