Derek Alexander
2007-May-25 15:15 UTC
[Fedora-directory-users] adding user programmatically
Hi,
Am switching over from OpenLDAP to Fedora DS.
The Java code that was creating user entries in OpenLDAP isn't working with
Fedora DS and I thought perhaps the reason would be obvious to someone out
there.
This is what was working with OpenLDAP:
    dirContext = new InitialDirContext(anonymousEnv);

    // need to be administrator to do this
    dirContext.addToEnvironment(Context.SECURITY_PRINCIPAL, ADMIN_DN);
    dirContext.addToEnvironment(Context.SECURITY_CREDENTIALS, ADMIN_PWD);

    // ref: RFC 2798
    // the inetOrgPerson represents people who are associated with an organization in some way.
    // mandatory attributes for inetOrgPerson are: cn, objectClass, sn

    Attribute ocAttr = new BasicAttribute("objectClass", "top");
    ocAttr.add("person");
    ocAttr.add("organizationalPerson");
    ocAttr.add("inetOrgPerson");

    // create the attribute set
    Attributes attrs = new BasicAttributes(true); // as LDAP attribute names are case-insensitive
    attrs.put(ocAttr);
    attrs.put("cn", username);
    attrs.put("sn", username); // not relevant but mandatory and can't put "" in there
    attrs.put("userPassword", password);
    attrs.put("uid", uid);

    // create entry in directory
    logger.debug("About to create subcontext: " + dn);
    accountContext = dirContext.createSubcontext(dn, attrs);

Error I'm getting with Fedora DS at the last line of that code is:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
Have tried with ldapadd from the command line to create a user entry with all
the same values and that works ok, so I'm a bit puzzled why the code doesn't
work here.
If anyone has any ideas, would appreciate them.
Thanks,
Derek
Please access the attached hyperlink for an important electronic communications
disclaimer: http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm
Richard Megginson
2007-May-25 15:28 UTC
Re: [Fedora-directory-users] adding user programmatically
Derek Alexander wrote:
> Error I'm getting with Fedora DS at the last line of that code is:
>
> javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

That usually means the password is not correct. What do the Fedora DS access and error logs say?
Derek Alexander
2007-May-25 15:49 UTC
Re: [Fedora-directory-users] adding user programmatically
> That usually means the password is not correct. What do the Fedora DS
> access and error logs say?

Nothing! Turns out credentials were correct but the old IP address was still there. With that corrected, the code works fine now.

Cheers,
Derek
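The thread ends with a stale server address producing error 49, which the exception text alone does not reveal. As an added example (not code from the thread or from the Fedora DS project), the Java below binds as the administrator when the context is created, over ldaps:// so the bind password and userPassword value are not sent in clear text, and names the provider URL and bind DN when the bind is rejected. The host name, bind DN, suffix, sample user and class name are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AddUserExample {
    // Constructed placeholders (assumptions): use your own server, bind DN and suffix.
    static final String PROVIDER_URL = "ldaps://ds.example.com:636";
    static final String ADMIN_DN = "cn=Directory Manager";

    // Bind at construction so a rejected bind surfaces here, not on the first write.
    static DirContext bindAsAdmin(String url, String bindDn, char[] pwd) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, pwd);
        try {
            return new InitialDirContext(env);
        } catch (AuthenticationException e) {
            // Error 49 only says this server rejected this DN/password pair; put the
            // server and DN in the message so a stale host is visible (never the password).
            AuthenticationException ex = new AuthenticationException(
                "Bind as '" + bindDn + "' rejected by " + url + ": " + e.getMessage());
            ex.setRootCause(e);
            throw ex;
        }
    }

    // Same inetOrgPerson entry as in the original post (RFC 2798).
    static void addUser(DirContext ctx, String dn, String uid, String name, String password)
            throws NamingException {
        Attribute oc = new BasicAttribute("objectClass", "top");
        oc.add("person"); oc.add("organizationalPerson"); oc.add("inetOrgPerson");
        Attributes attrs = new BasicAttributes(true); // attribute names are case-insensitive
        attrs.put(oc);
        attrs.put("cn", name); attrs.put("sn", name); attrs.put("uid", uid);
        attrs.put("userPassword", password);
        ctx.createSubcontext(dn, attrs).close();
    }

    public static void main(String[] args) throws NamingException {
        java.io.Console con = System.console();
        if (con == null) throw new IllegalStateException("run from an interactive terminal");
        DirContext ctx = bindAsAdmin(PROVIDER_URL, ADMIN_DN, con.readPassword("Bind password: "));
        try { addUser(ctx, "uid=jdoe,ou=People,dc=example,dc=com", "jdoe", "jdoe", "changeit"); }
        finally { ctx.close(); }
    }
}
```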