InvalidDnSyntaxError when I try to create a new AD user with ldapjs

Question

I am attempting to create a user through ldapjs, here is my code:

async onboardUser(targetUser, ou) {
        targetUser.distinguishedName = `cn=${user.username}, ${ou}`;

        return new Promise(function (resolve, reject) {
            const entry = {
                distinguishedName: targetUser.distinguishedName,
                displayName: targetUser.displayName,
                sAMAccountName: targetUser.username, 
                cn: targetUser.displayName,
                name: targetUser.displayName,
                sn: targetUser.lname,
                givenName: targetUser.fname,
                userPrincipalName: targetUser.email, 
                mail: targetUser.email,
                co: targetUser.country,
                company: targetUser.company,
                manager: targetUser.manager['distinguishedName'],
                physicalDeliveryOfficeName: targetUser.city,
                department: targetUser.department,
                title: targetUser.title,
                unicodePwd: Buffer.from('"' + targetUser.password + '"', 'utf16le').toString(),
                objectclass: 'user',
                userAccountControl: 512, //NORMAL_ACCOUNT
            };

            // Create user in AD, error occurs here
            ldapjs.add(targetUser.distinguishedName, entry, (err) => {
                if (err) {
                    logger.error(err.stack);
                    reject(err);
                } else {
                    resolve('success');
                }
            });
        });
    }

However, I receive the following error:

InvalidDnSyntaxError: 00002081: NameErr: DSID-03050F42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:
    'cn=awesomeusername, ou=Users, ou=Accounts, dc=company, dc=org'

I am stuck on the above error and do not know how to proceed. Any advice as to what I may be doing wrong is greatly welcomed.

Thank you for your time and attention

score 1 · Answer 1 · answered Aug 29 '23 at 14:51

1

Try getting rid of the of the spaces after the commas:

targetUser.distinguishedName = `cn=${user.username}, ${ou}`;
//                                                  ^

See MS Documentation: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/distinguished-names

Looks like it should be: 'cn=awesomeusername,ou=Users,ou=Accounts,dc=company,dc=org'

answered Aug 29 '23 at 14:51

Dabrowski

310
1
8

Interesting... I've removed the spaces, and placed a debugging stop point to confirm `targetUser.distinguishedName` does not contain spaces (and it doesn't), however when `onPremAD.server.add` runs, still receive `InvalidDnSyntaxError: 00002081: NameErr: DSID-03050F42, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of: 'cn=awesomeusername, ou=Users, ou=Accounts, dc=company, dc=org'` spaces included... – afontalv Aug 29 '23 at 15:16
I am not sure then sorry. I would strip the code back to the minimum required to create the user and try hardcoding the DN, then build back from there. Possible that the problem is in the input CN/OU/DC rather than with your code. – Dabrowski Aug 29 '23 at 15:29

InvalidDnSyntaxError when I try to create a new AD user with ldapjs

1 Answers1