E
eunever32
Hello
I have a requirement to update the members of an ActiveDirectory
workgroup using the Java API
The application currently reads from the ActiveDirectory but we have a
new requirement to write to it. (currently this is
done from Microsoft Console)
From sun website: http://java.sun.com/products/jndi/tutorial/objects/storing/index.html:
Windows Active Directory: Context.rebind() and DirContext.rebind() do
not work against Active Directory because these methods work by
reading the attributes of the entry to be updated, removing the entry,
and then adding a new entry that contains the modified attributes.
Active Directory returns some attributes that cannot be set by the
user, causing the final addition step to fail. The workaround for this
problem is to use DirContext.getAttributes() to obtain and save the
attributes that you want to keep. Then, remove the entry and add it
back with the saved attributes (and any others that you want to add)
using DirContext.bind().
This would suggest we need to
1. remove the workgroup
2. bind the workgroup with new attributes
Given the large number of users using ActiveDirectory for
authentication during day it would seem unreasonable to delete the
workgroup (could result in unexpected behaviour for someone trying to
log in)
Also removing the workgroup would require more privileges that just
updating the members
So it seems unrealistic to try to use the Java API to update the
workgroups
Would others agree ?
Regards
I have a requirement to update the members of an ActiveDirectory
workgroup using the Java API
The application currently reads from the ActiveDirectory but we have a
new requirement to write to it. (currently this is
done from Microsoft Console)
From sun website: http://java.sun.com/products/jndi/tutorial/objects/storing/index.html:
Windows Active Directory: Context.rebind() and DirContext.rebind() do
not work against Active Directory because these methods work by
reading the attributes of the entry to be updated, removing the entry,
and then adding a new entry that contains the modified attributes.
Active Directory returns some attributes that cannot be set by the
user, causing the final addition step to fail. The workaround for this
problem is to use DirContext.getAttributes() to obtain and save the
attributes that you want to keep. Then, remove the entry and add it
back with the saved attributes (and any others that you want to add)
using DirContext.bind().
This would suggest we need to
1. remove the workgroup
2. bind the workgroup with new attributes
Given the large number of users using ActiveDirectory for
authentication during day it would seem unreasonable to delete the
workgroup (could result in unexpected behaviour for someone trying to
log in)
Also removing the workgroup would require more privileges that just
updating the members
So it seems unrealistic to try to use the Java API to update the
workgroups
Would others agree ?
Regards