I'm developing an app that needs to create and maintain users in Active Directory.
My problem is that the users have a hierarchy and the master can create them with different password expiration values. I was reading about that and maybe it's possible to do it using OUs, but I can't find any code example for it.
Maybe a better way to meet the requirement exists, but unfortunately this is the only way that I found.
Solution (that works for me)
When you are creating the distinguished name (DN), you have to add the OU into the value. This is the code that I made:
    protected String getDN(User user)
    {
        // User name
        String dn = "CN=" + user.getLogin();
        // OU, chosen from the password expiration time in days
        String ou;
        if (user.getPasswordExpirationTime() == 1)
            ou = "PJ1"; // one day
        else if (user.getPasswordExpirationTime() == 30)
            ou = "PJ30"; // thirty days
        else if (user.getPasswordExpirationTime() == 60)
            ou = "PJ60"; // sixty days
        else
            ou = "PJ90"; // default, ninety days
        dn += ",OU=" + ou;
        // Domain
        dn += ",DC=domain,DC=local";
        return dn;
    }
Here is an example of how to do it:
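    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    String oldUserName = "CN=Albert Einstein,OU=Research,DC=antipodes,DC=com";
    String newUserName = "CN=Albert Einstein,OU=Sales,DC=antipodes,DC=com";
    // Create the initial directory context
    // (env is the Hashtable of JNDI connection settings, defined elsewhere)
    LdapContext ctx = new InitialLdapContext(env, null);
    // Move the user
    ctx.rename(oldUserName, newUserName);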
https://forums.oracle.com/forums/thread.jspa?threadID=1157099
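
An added example, not code from the post or the answer above: it builds the DN from `Rdn` objects instead of string concatenation, so a login containing DN syntax characters is escaped, both for the creation DN and for the two names passed to `rename`. The class name, `ouFor`, `buildDn` and the sample login are assumptions made for illustration.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SafeDnExample {
    // OU names and domain components are the ones used in the post above.
    static String ouFor(int expirationDays) {
        switch (expirationDays) {
            case 1:  return "PJ1";
            case 30: return "PJ30";
            case 60: return "PJ60";
            default: return "PJ90";
        }
    }

    // Build the DN from typed RDNs: Rdn escapes characters that are DN syntax
    // (comma, plus, equals, quotes, ...) so the login stays inside the CN value.
    static LdapName buildDn(String login, int expirationDays) throws InvalidNameException {
        // LdapName lists RDNs right to left: index 0 is the rightmost component.
        return new LdapName(List.of(
                new Rdn("DC", "local"),
                new Rdn("DC", "domain"),
                new Rdn("OU", ouFor(expirationDays)),
                new Rdn("CN", login)));
    }

    public static void main(String[] args) throws InvalidNameException {
        String login = "Einstein, Albert"; // constructed sample input

        // Plain concatenation, as in getDN(): the comma ends the CN early.
        String naive = "CN=" + login + ",OU=" + ouFor(1) + ",DC=domain,DC=local";
        try {
            new LdapName(naive);
            System.out.println("naive DN parsed: " + naive);
        } catch (InvalidNameException e) {
            System.out.println("naive DN rejected: " + e.getMessage());
        }

        // Escaped DNs for the same user in the one-day and thirty-day OUs.
        LdapName oldDn = buildDn(login, 1);
        LdapName newDn = buildDn(login, 30);
        System.out.println(oldDn);
        System.out.println(newDn);
        System.out.println("CN value: " + oldDn.getRdn(oldDn.size() - 1).getValue());
        // With a live LdapContext ctx, the move is ctx.rename(oldDn, newDn).
    }
}
```

`LdapName` implements `javax.naming.Name`, so both objects can be passed to the `rename(Name, Name)` overload without converting them back to strings.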