无法通过SpringLDAP更改opendj中禁用的ds pwp帐户的值

5lhxktic  于 2021-07-13  发布在  Java
关注(0)|答案(2)|浏览(388)

我正在使用opendj for ldap,无法从spring ldap模板更改opendj中的ds pwp account disabled属性值。
我已经通过SpringLDAP创建了dircontextoperations类对象。当我使用springldap获取ds pwp account disabled属性的值时,它是给定的。但它不允许通过springldap更新ds pwp account disabled属性值。你能帮我如何通过springldap更新ds pwp account disabled属性值吗。我在google上读了很多文章,可以通过springldap修改opendj中的特权问题,也可以是其他问题。
我正在分享一些代码,以确定如何使用opendj使用springldap--
私有ldaptemplate ldaptemplate;

ErrorDTO createAccountIfNotExists(Account account){

    DirContextAdapter context = new DirContextAdapter(dn);
    context.setAttributeValues(OBJECTCLASS, new String[] { TOP, USERACCOUNTS });
    mapToContext(account, context);
    try {
        ldapTemplate.bind(context);

    } catch (Exception e) {
    }
    return error;
}

public LdapTemplate getLdapTemplate() {
    return ldapTemplate;
}

public void setLdapTemplate(LdapTemplate ldapTemplate) {
    this.ldapTemplate = ldapTemplate;
}

void mapToContext(Account account, DirContextOperations context) {
    context.setAttributeValue("cn", account.getFirstName());
    context.setAttributeValue("sn", account.getLastName());
    context.setAttributeValue("x-user-id", account.getUserId());
    context.setAttributeValue("mail", account.getEmail());
    context.setAttributeValue("givenname", account.getFirstName());
    context.setAttributeValue("mobile", account.getMobilePhone());
    context.setAttributeValue("telephonenumber", account.getBusinessPhone());
    context.setAttributeValue("title", account.getJobTitle());
    context.setAttributeValue("x-incident-ref", account.getIncidentRef());
    context.setAttributeValue("x-client-category", account.getClientCategory());
    context.setAttributeValue("x-organization", account.getOrganization());
    context.setAttributeValue("facsimiletelephonenumber", account.getFax());
    context.setAttributeValue("x-bureau", account.getBureau());
    context.setAttributeValue("x-company", account.getCompany());
    context.setAttributeValue("ds-pwp-account-disabled", account.getEnabled());
    if (account.getAccountCode() != null) {
        context.setAttributeValue("x-account-code", account.getAccountCode());
        context.setAttributeValue("uid", account.getAccountCode() + "#" + account.getUserId());
    } else {
        context.setAttributeValue("uid", account.getUserId());
    }

}

下面给出了错误-org.springframework.ldap.invalidateTributeValueException:格式错误的'ds pwp account disabled'属性值;嵌套异常为javax.naming.directory.invalidateTributeValueException:格式错误的“ds pwp account disabled”属性值;剩余名称“uid=coy#user8,ou=user accounts”

bsxbgnwa

bsxbgnwa1#

ds pwp account disabled属性具有ldap语法布尔值。opendj服务器只接受“true”和“false”值。我不是springldap方面的Maven,但是如果属性的语法未知,我怀疑库是否能够正确地将java布尔值转换为正确的ldap值。

7tofc5zh

7tofc5zh2#

我知道如果

ds-pwp-account-disabled

属性不存在于条目中,则用户不会被禁用=用户已启用。
所以试试看,不添加这个属性就是用户启用了。

if(!account.getEnabled()){ //suppose that it's returning a boolean
  context.setAttributeValue("ds-pwp-account-disabled", "true");
}

相关问题