We have been trying to add users to groups using JNDI. Our directory server is Active Directory on Windows 2003.

We were able to create users and groups just fine. However, making these users part of any group is a problem. Here is what the code looks like (inspired by this):

ModificationItem mod[] = new ModificationItem[1];
mod[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE, 
               new BasicAttribute("member", "CN=User1,OU=LocationOfUser"));
localcontext.modifyAttributes("CN=Group1,ou=Group,ou=LocationOfTheGroup", mod);

We get this error back:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: 
NameErr: DSID-031A0F80, problem 2001 (NO_OBJECT), data 0, best match of: ''

We have tried to bind to a subroot (and not give the full DN in the attributes) or binding to the root (and giving the full DN in the attributes).

EDIT: We tried the same code, but with a user in the Users CN (CN=abcd,CN=Users), and it works!!! But how come it won't allow it for users outside of that?

A: 

The error says "NO_OBJECT". Error code 32 is LDAP_NO_SUCH_OBJECT. So the problem is that one of the identifiers is wrong. Can you list the user or group with the specified identifier?

[EDIT] The error message says best match of: '' which means it can't match any part of the path (the DN), not even the first element. I guess you must use the full path in your case (starting from the root) instead of an RDN.

I have no explanation why you can find the objects with direct queries, though. There must be something different but unless you post all the code, that's about as much as I can help.

Aaron Digulla
Yes, I'm able to use both DNs to pull the object, but not to assign to a group...
mlaverd
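
An added example (not code from the question or the answer) of the answer's suggestion to use the full path: the group name passed to modifyAttributes stays relative to the bound context, while the "member" value is composed into a full DN because attribute values are sent to the server unchanged. The base DN DC=example,DC=com, the class name GroupMembership and the helpers toFullDn and addMember are assumptions, as is a context bound at that base DN.

```java
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;

public class GroupMembership {

    // Turn a DN that is relative to the context's base into a full DN.
    // LdapName indexes RDNs from the root end, so addAll() places the
    // relative RDNs on the most specific (left-hand) side of the base.
    static LdapName toFullDn(String relativeDn, String baseDn) throws NamingException {
        LdapName full = new LdapName(baseDn);   // rejects malformed DNs
        full.addAll(new LdapName(relativeDn));
        return full;
    }

    // Add a user to a group. Names handed to DirContext methods are resolved
    // relative to the context; the "member" value is not, so it must be a
    // full DN starting from the root.
    static void addMember(DirContext ctx, String groupRelDn, String userRelDn,
                          String baseDn) throws NamingException {
        LdapName memberDn = toFullDn(userRelDn, baseDn);

        // Read both entries first: a NameNotFoundException raised here
        // identifies which of the two DNs the server cannot resolve.
        ctx.getAttributes(userRelDn, new String[] {"distinguishedName"});
        ctx.getAttributes(groupRelDn, new String[] {"distinguishedName"});

        ModificationItem[] mods = {
            new ModificationItem(DirContext.ADD_ATTRIBUTE,
                    new BasicAttribute("member", memberDn.toString()))
        };
        ctx.modifyAttributes(groupRelDn, mods);
    }

    // Offline demonstration of the DN composition only (no directory needed).
    // The base DN is a constructed placeholder; the relative DNs are the ones
    // used in the question.
    public static void main(String[] args) throws NamingException {
        String baseDn = "DC=example,DC=com";
        System.out.println("member value: "
                + toFullDn("CN=User1,OU=LocationOfUser", baseDn));
        System.out.println("group entry:  "
                + toFullDn("CN=Group1,ou=Group,ou=LocationOfTheGroup", baseDn));
    }
}
```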