I am facing a problem with an LDAP operation. I want to dynamically add a member to an LDAP group when selected by the user from the GUI / browser. I paste the code below, which works perfectly well when I run it in a Test class (using com.sun.jndi.ldap.LdapCtxFactory). But when I package it in my build, deploy it on WebSphere app server 7.0 (using com.ibm.websphere.naming.WsnInitialContextFactory), and invoke this method according to the user's selection, I get the error below. I wonder what I am doing wrong. Doesn't WAS provide an implementation of the LDAP connection factory? I also tried deploying on WAS with Sun's LDAP, which otherwise works in the Test class, but I am getting the same exception as below. I'd appreciate it if anybody can give a clue.

Problem adding member: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00000561: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

My Code:

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.BasicAttribute;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.directory.ModificationItem;

    public class LDAPManager
    {
        String GROUPS_OU = "cn=users,dc=mit,dc=hq,dc=com";

        public Boolean addMember(String user, String group)
        {
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            String adminName = "CN=Administrator,CN=Users,DC=mit,DC=hq,DC=com";
            String adminPassword = "asdfasdf21Q";
            String ldapURL = "ldap://mybox451Dev.mit.hq.com:389";
            String userName = "CN=" + user + ",CN=Users,DC=mit,DC=hq,DC=com";
            String groupName = "CN=" + group + ",CN=Users,DC=mit,DC=hq,DC=com";

            //env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");

            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.ibm.websphere.naming.WsnInitialContextFactory");

            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, adminName);
            env.put(Context.SECURITY_CREDENTIALS, adminPassword);

            //connect to my domain controller
            env.put(Context.PROVIDER_URL, ldapURL);

            InitialDirContext ctx = null;
            try {
                // Create the initial directory context
                ctx = new InitialDirContext(env);

                //Create a LDAP add attribute for the member attribute
                ModificationItem[] mods = new ModificationItem[1];
                mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userName));

                //update the group
                ctx.modifyAttributes(groupName, mods);

                //System.out.println("Added " + userName + " to " + groupName);
                return true;
            }
            catch (NamingException e) {
                System.err.println("Problem adding member: " + e);
                // report the failure to the caller instead of always returning true
                return false;
            }
            finally {
                // release the connection even when the modification fails
                if (ctx != null) {
                    try { ctx.close(); } catch (NamingException ignored) { }
                }
            }
        }
    }

I got it solved. Posting the solution here; I hope this helps someone.

  1. Use the standard JNDI context of Sun, not WebSphere.
  2. I was missing additional properties in the hashtable; once I added them, it worked like a charm.

    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");  
    
    //env.put(Context.INITIAL_CONTEXT_FACTORY,"com.ibm.websphere.naming.WsnInitialContextFactory");  
    
    //set security credentials, note using simple cleartext authentication  
    env.put(Context.SECURITY_AUTHENTICATION,"simple");  
    env.put(Context.SECURITY_PRINCIPAL,adminName);  
    env.put(Context.SECURITY_CREDENTIALS,adminPassword);  
    env.put(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");  
    env.put(Context.REFERRAL, "ignore");  
    
ROMANIA_engineer
Murad Iqbal
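The same group modification with the Sun factory from the solution above, written as an added example that is not part of the original post. It assumes the domain controller also accepts LDAPS on port 636 and that the bind account is supplied through environment variables; the class name `SafeGroupMembership` and the variable names `LDAP_BIND_DN` / `LDAP_BIND_PW` are hypothetical. It builds the DNs with `LdapName`/`Rdn` so that GUI-supplied names are escaped rather than concatenated.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SafeGroupMembership {
    private static final String BASE = "CN=Users,DC=mit,DC=hq,DC=com"; // container from the question
    // Builds CN=<cn>,<BASE>. Rdn escapes DN metacharacters in the value, so a name
    // containing a comma (e.g. "Smith, John") stays one CN value instead of extra RDNs.
    static LdapName dnFor(String cn) throws NamingException {
        if (cn == null || cn.trim().isEmpty()) throw new NamingException("empty CN");
        LdapName dn = new LdapName(BASE);
        dn.add(new Rdn("CN", cn)); // the appended RDN is the leftmost one in string form
        return dn;
    }
    static boolean addMember(String user, String group) {
        String bindDn = System.getenv("LDAP_BIND_DN"); // assumed variable names,
        String bindPw = System.getenv("LDAP_BIND_PW"); // keeps the password out of source
        if (bindDn == null || bindPw == null) return false;
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://mybox451Dev.mit.hq.com:636"); // assumed LDAPS listener
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // simple bind, carried inside TLS
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        env.put(Context.REFERRAL, "ignore");
        DirContext ctx = null;
        try {
            ModificationItem[] mods = { new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("member", dnFor(user).toString())) };
            ctx = new InitialDirContext(env);
            ctx.modifyAttributes(dnFor(group), mods); // Name overload: no composite-name parsing
            return true;
        } catch (NamingException e) {
            System.err.println("Problem adding member: " + e);
            return false; // surface the failure to the caller
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
    public static void main(String[] args) throws NamingException {
        System.out.println(dnFor("Smith, John")); // constructed sample input, runs offline
    }
}
```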

1 Answer

Well, it's been more than a year since this question was asked, so I don't know whether answering will add any value. But here it is. See the WAS Javadocs for details on what that factory class actually does and how it works. You may need to adjust your jndiprovider.properties file for WAS.

Bora