LDAP ModifyAttributes by email

Question

I need to modify the attributes on an existing record in LDAP. It seems like the only way tI can get the record is by using a lookup with:

ctx.modifyAttributes(CN=Joe blue,cn=user,DC=foo,DC=com" , mods); 

But I need to get it by email (or login for that matter). I have tried several variations but get a naming exception, for example:

ctx.modifyAttributes(&(objectClass=user)(mail=jblow*)),cn=user,DC=foo,DC=com)

javax.naming.InvalidNameException: (&(objectClass=user)(mail=jblow*)),cn=user,DC=foo,DC=com: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8349, best match of: '(&(objectClass=user)(mail=jblow*)),cn=user,DC=foo, DC=COM,

Any suggestions would be greatly appreciated.

Answer 1

You cannot provide a search filter for a Modify operation. You need to provide a full DN as your first example shows.

Therefore, you would first have to do the search for (mail=jblow*) in the base DN of cn=user,dc=foo,dc=com to find the full DN of the object of interest.

Then you can do your Modify, based on the full DN.