I've added a new user to AD using JNDI LDAP, and I've enabled the account programmatically as well. However, if I attempt to add the user to an AD group I get an error that indicates that an entry already exists. See the results below for the exception thrown.
"Domain Admins" is the group name, but it appears that it's complaining that I'm trying to re-add the group. Here is my code.
Any example that I've found on forums does it similarly.
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;

// 'context' is an already-bound DirContext for the domain and LOGGER a java.util.logging.Logger (both fields of the enclosing class)
public void addUserToGroup() throws NamingException {
    String groupDN = "CN=Domain Admins,CN=Users,DC=mydomain,DC=org";
    // Create the objectClass attribute (top + group)
    Attribute objClasses = new BasicAttribute("objectClass");
    objClasses.add("top");
    objClasses.add("group");
    // Create the set of attributes to add: objectClass plus the new member DN
    Attributes attrs = new BasicAttributes();
    Attribute member = new BasicAttribute("member", getUserDN("jdoe"));
    // Add these to the container
    attrs.put(objClasses);
    attrs.put(member);
    try {
        // ADD_ATTRIBUTE: add the given values to the existing entry
        context.modifyAttributes(groupDN, DirContext.ADD_ATTRIBUTE, attrs);
    } catch (Exception e) {
        // log the exception itself, not only the message, so the LDAP error code is visible
        LOGGER.log(Level.SEVERE, "Failed to Add User to Domain Admins -- ", e);
    }
}

public String getUserDN(String aUsername) {
    return "CN=" + aUsername + ",CN=Users,DC=mydomain,DC=org";
}
This is the resulting exception thrown...
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000562: UpdErr: DSID-031A11E2, problem 6005 (ENTRY_EXISTS), data 0 ]; remaining name 'CN=Domain Admins,CN=Users,DC=mydomain,DC=org'
You are adding an attribute with values that already exist on the object: objectClass.

When you use DirContext.ADD_ATTRIBUTE, the LDAP server treats the values as new ones to add; it does not replace the existing values.

Why are you adding that to the modification? Just adding the member attribute is enough.

Try it without the objectClass attribute and it should work.
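The corrected call the answer describes, as an added example that is not part of the original question or answer: it sends only the member modification, checks membership on the server first (in AD the same "error code 68 - 00000562 ... ENTRY_EXISTS" also comes back when the DN is already a member of the group, so the check avoids a spurious failure on re-runs), builds the user DN with Rdn.escapeValue so a username cannot smuggle in extra RDNs, and connects over LDAPS. The DC hostname, the bind account, the LDAP_BIND_PASSWORD environment variable and the class name are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.Rdn;

public class GroupMembership {
    // Assumed values: your DC, a least-privileged provisioning account, and the container the users live in.
    private static final String LDAP_URL = "ldaps://dc1.mydomain.org:636";
    private static final String BIND_DN = "CN=svc-provision,CN=Users,DC=mydomain,DC=org";
    private static final String USERS_BASE = "CN=Users,DC=mydomain,DC=org";

    /** Binds over LDAPS so neither the bind password nor the modification crosses the wire in clear. */
    public static LdapContext connect(String bindPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialLdapContext(env, null);
    }

    /** Builds the user DN; escaping the CN stops a username like "x,CN=Domain Admins" from adding RDNs. */
    public static String getUserDN(String username) {
        return "CN=" + Rdn.escapeValue(username) + "," + USERS_BASE;
    }

    /** Server-side membership check; JNDI substitutes {0} with filter escaping, so no filter injection. */
    public static boolean isMember(DirContext ctx, String groupDN, String userDN) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.OBJECT_SCOPE);     // examine only the group entry itself
        sc.setReturningAttributes(new String[] {"cn"});     // we only need to know whether it matched
        NamingEnumeration<SearchResult> hits =
                ctx.search(groupDN, "(member={0})", new Object[] {userDN}, sc);
        try {
            return hits.hasMore();
        } finally {
            hits.close();
        }
    }

    /** Adds userDN to the group's member attribute; returns false (no modification) if already a member. */
    public static boolean addUserToGroup(DirContext ctx, String groupDN, String userDN) throws NamingException {
        if (isMember(ctx, groupDN, userDN)) {
            return false;
        }
        // Only the member attribute is sent: objectClass is left alone, so no ENTRY_EXISTS from re-adding it.
        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", userDN))
        };
        ctx.modifyAttributes(groupDN, mods);
        return true;
    }

    public static void main(String[] args) throws NamingException {
        String groupDN = "CN=Domain Admins,CN=Users,DC=mydomain,DC=org";
        LdapContext ctx = connect(System.getenv("LDAP_BIND_PASSWORD")); // assumed: secret injected via environment
        try {
            boolean added = addUserToGroup(ctx, groupDN, getUserDN("jdoe"));
            System.out.println(added ? "added jdoe" : "jdoe was already a member");
        } finally {
            ctx.close();
        }
    }
}
```

The same shape with DirContext.REMOVE_ATTRIBUTE on "member" removes a user from the group. Since this code writes to Domain Admins, run it under a service account that has only "Write Members" on the groups it manages rather than a domain administrator, and keep the bind password out of source.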