
I am using OpenDJ for LDAP and I am not able to change the ds-pwp-account-disabled attribute value in OpenDJ from the Spring LDAP template.

I have created a DirContextOperations object through Spring LDAP. When I read the value of the ds-pwp-account-disabled attribute using Spring LDAP, it is returned. But it does not allow me to update the ds-pwp-account-disabled attribute value through Spring LDAP. Can you help me with how to update the ds-pwp-account-disabled attribute value through Spring LDAP? I have read many articles on Google; it may be a modify-privilege issue in OpenDJ through Spring LDAP, or it may be something else.

I am sharing some code to show how I am using Spring LDAP with OpenDJ:

private LdapTemplate ldapTemplate;

ErrorDTO createAccountIfNotExists(Account account){

    DirContextAdapter context = new DirContextAdapter(dn);
    context.setAttributeValues(OBJECTCLASS, new String[] { TOP, USERACCOUNTS });
    mapToContext(account, context);
    try {
        ldapTemplate.bind(context);

    } catch (Exception e) {
    }
    return error;
}

public LdapTemplate getLdapTemplate() {
    return ldapTemplate;
}

public void setLdapTemplate(LdapTemplate ldapTemplate) {
    this.ldapTemplate = ldapTemplate;
}

void mapToContext(Account account, DirContextOperations context) {
    context.setAttributeValue("cn", account.getFirstName());
    context.setAttributeValue("sn", account.getLastName());
    context.setAttributeValue("x-user-id", account.getUserId());
    context.setAttributeValue("mail", account.getEmail());
    context.setAttributeValue("givenname", account.getFirstName());
    context.setAttributeValue("mobile", account.getMobilePhone());
    context.setAttributeValue("telephonenumber", account.getBusinessPhone());
    context.setAttributeValue("title", account.getJobTitle());
    context.setAttributeValue("x-incident-ref", account.getIncidentRef());
    context.setAttributeValue("x-client-category", account.getClientCategory());
    context.setAttributeValue("x-organization", account.getOrganization());
    context.setAttributeValue("facsimiletelephonenumber", account.getFax());
    context.setAttributeValue("x-bureau", account.getBureau());
    context.setAttributeValue("x-company", account.getCompany());
    context.setAttributeValue("ds-pwp-account-disabled", account.getEnabled());
    if (account.getAccountCode() != null) {
        context.setAttributeValue("x-account-code", account.getAccountCode());
        context.setAttributeValue("uid", account.getAccountCode() + "#" + account.getUserId());
    } else {
        context.setAttributeValue("uid", account.getUserId());
    }

}

It gives the error below: org.springframework.ldap.InvalidAttributeValueException: Malformed 'ds-pwp-account-disabled' attribute value; nested exception is javax.naming.directory.InvalidAttributeValueException: Malformed 'ds-pwp-account-disabled' attribute value; remaining name 'uid=coy#user8,ou=User Accounts'

sharmav

2 Answers


The ds-pwp-account-disabled attribute has the LDAP syntax Boolean. The only values accepted by the OpenDJ server are "true" and "false". I'm not an expert in Spring LDAP, but if the syntax of the attribute is unknown, I doubt that the library will properly transpose the Java boolean values to the proper LDAP values.

Ludovic Poitou

As far as I know, if the ds-pwp-account-disabled attribute does not exist in an entry, then the user won't be disabled, i.e. the user is enabled.

So give it a try: do not add this attribute if the user is enabled.

if(!account.getEnabled()){ //suppose that it's returning a boolean
  context.setAttributeValue("ds-pwp-account-disabled", "true");
}
zsom
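
One way to combine the two answers with Spring LDAP, as an added example that is not code from the original post or from either answer: the value is written as the string "true", and enabling an account removes the attribute instead of writing "false". The class `AccountStatusUpdater`, its method names, and the `ou=User Accounts` layout (taken from the DN in the error message) are assumptions, and the bound user is assumed to have write access to the attribute.

```java
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.support.LdapNameBuilder;

/** Hypothetical helper (added example, not part of the original post). */
public class AccountStatusUpdater {

    private static final String DISABLED_ATTR = "ds-pwp-account-disabled";

    private final LdapTemplate ldapTemplate;

    public AccountStatusUpdater(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /**
     * Builds the single modification for the requested state.
     * Note the inversion: enabled == true means "not disabled".
     */
    static ModificationItem statusModification(boolean enabled) {
        BasicAttribute attr = enabled
                // REPLACE with no values deletes the attribute and is ignored if it is absent.
                ? new BasicAttribute(DISABLED_ATTR)
                // Sent as the string "true"; the JNDI LDAP provider takes String or byte[] values.
                : new BasicAttribute(DISABLED_ATTR, "true");
        return new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attr);
    }

    /**
     * Applies the change. Exceptions are not caught here: a failed disable
     * must reach the caller, otherwise the account silently stays active.
     */
    public void setEnabled(String uid, boolean enabled) {
        // Assumed layout, relative to the base DN configured on the context source.
        Name dn = LdapNameBuilder.newInstance()
                .add("ou", "User Accounts")
                .add("uid", uid)
                .build();
        ldapTemplate.modifyAttributes(dn, new ModificationItem[] { statusModification(enabled) });
    }
}
```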