
I get the following error when trying to add users to a group:

A constraint violation occurred. (Exception from HRESULT: 0x8007202F)

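// Requires: using System; using System.DirectoryServices;
public string addUserToGroup(string userDN, string groupDN)
{
    try
    {
        // Bind to the group entry on the local ADAM instance
        DirectoryEntry de = new DirectoryEntry("LDAP://localhost:389/" + groupDN);
        de.Username = "myUsername";
        de.Password = "myPassword";
        // Append the user's DN to the group's member attribute and write it back
        de.Properties["member"].Add(userDN);
        de.CommitChanges();
        de.Close();
        //return true;
        return "yes";
    }
    catch (Exception ex)
    {
        // The catch block is cut off in the post; returning the message is an assumption
        return ex.Message;
    }
}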

I'm not sure if it has something to do with the way I have set up ADAM, since I have used application directory partitions. So I have a DN of CN=sandbox,DC=ITOrg. I then have 3 directory partitions like so:

CN=sandbox,CN=testApp1,DC=ITOrg
CN=sandbox,CN=testApp2,DC=ITOrg  .. etc

I have my users stored only in CN=sandbox,DC=ITOrg, but I then want to give users access to 1 or more of the partitions, so I was trying to add the CN of the user

CN=1@test.com,CN=People,CN=sandbox,DC=ITOrg

to this:

CN=Readers,CN=Roles,CN=sandbox,CN=testApp1,DC=ITOrg

which does not work, although the code does work if I add the user to the Role in CN=Readers,CN=Roles,CN=sandbox,DC=ITOrg. So does that mean that I have to store users in every partition, duplicating data?

Does anyone have any thoughts?

p.campbell
samcooper11

2 Answers


Typically, you'll also have to set at least the SAM Account Name on a new user entry on "straight up AD" - not sure if that applies to ADAM as well.

Marc

marc_s
  • Sorry, not entirely sure what you mean by "straight up AD" - would you mind explaining a bit more? Thanks – samcooper11 Jun 18 '09 at 08:19
  • Ah sorry - I meant in the full-blown Active Directory - not ADAM, but actual "AD". – marc_s Jun 18 '09 at 09:40
  • Oh OK, thanks. I did take a look at what fields were required, but that didn't seem to be the issue. After a bit more reading I think the issue is because I was trying to use members across partitions when in fact they should be treated as separate "worlds" – samcooper11 Jun 19 '09 at 12:20
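
An added example, not part of the original thread: a pre-flight check that follows the asker's conclusion in the last comment above and refuses a `member` add when the user and group DNs resolve to different partitions. The partition and entry DNs are copied from the question; `PartitionCheck`, `SplitDn`, `PartitionOf` and `SamePartition` are hypothetical names, and on a live instance the partition list would be read from the RootDSE `namingContexts` attribute rather than hard-coded.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class PartitionCheck
{
    // Split a DN into RDNs on unescaped commas; a backslash escapes the next character.
    static List<string> SplitDn(string dn)
    {
        var rdns = new List<string>();
        var cur = new StringBuilder();
        for (int i = 0; i < dn.Length; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) cur.Append(dn[i]).Append(dn[++i]);
            else if (dn[i] == ',') { rdns.Add(cur.ToString().Trim()); cur.Clear(); }
            else cur.Append(dn[i]);
        }
        rdns.Add(cur.ToString().Trim());
        return rdns;
    }
    // Longest naming context that is a suffix of dn, or null if none matches.
    // Simplification: RDNs are compared as whole strings, ignoring case.
    public static string PartitionOf(string dn, IEnumerable<string> namingContexts)
    {
        var rdns = SplitDn(dn);
        string best = null; int bestLen = 0;
        foreach (var nc in namingContexts)
        {
            var ncRdns = SplitDn(nc);
            if (ncRdns.Count > rdns.Count || ncRdns.Count <= bestLen) continue;
            if (rdns.Skip(rdns.Count - ncRdns.Count).SequenceEqual(ncRdns, StringComparer.OrdinalIgnoreCase))
            { best = nc; bestLen = ncRdns.Count; }
        }
        return best;
    }
    // True only when both DNs resolve to the same known partition.
    public static bool SamePartition(string userDn, string groupDn, string[] namingContexts)
    {
        string u = PartitionOf(userDn, namingContexts), g = PartitionOf(groupDn, namingContexts);
        return u != null && u == g;
    }
    static void Main()
    {
        // Partition and entry DNs copied from the question.
        string[] nc = { "CN=sandbox,DC=ITOrg", "CN=sandbox,CN=testApp1,DC=ITOrg", "CN=sandbox,CN=testApp2,DC=ITOrg" };
        string user = "CN=1@test.com,CN=People,CN=sandbox,DC=ITOrg";
        Console.WriteLine(SamePartition(user, "CN=Readers,CN=Roles,CN=sandbox,CN=testApp1,DC=ITOrg", nc)); // group in testApp1
        Console.WriteLine(SamePartition(user, "CN=Readers,CN=Roles,CN=sandbox,DC=ITOrg", nc)); // group beside the user
    }
}
```

Calling `SamePartition` before `CommitChanges()` turns the opaque constraint violation into an explicit, loggable rejection.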

Have you checked whether the password you are trying to create adheres to the configured password policy?

Also, from your example, it seems that you are trying to save the password in clear text. I am not familiar with ADAM, but most Auth & Auth providers require that you hash the password before attempting to save it.

CShark