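Removing a user from a group in Active Directory

Time: 2018-08-16 15:21:35

Tags: java active-directory ldap

I am trying to remove a list of users from a group in Active Directory. While doing this, I get the following exception/error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM)

Below is the code I use to create the connection to Active Directory.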

Hashtable<String, Object> objEnvironment;
objEnvironment = new Hashtable<String, Object>(11);
objEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
objEnvironment.put(Context.PROVIDER_URL,  "LDAPS://<domain>:636");
objEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
objEnvironment.put(Context.SECURITY_PRINCIPAL, <username>);
objEnvironment.put(Context.SECURITY_CREDENTIALS, <password>);
System.setProperty("javax.net.ssl.trustStore", <certificates store path>);
this.objLDAPContext = new InitialLdapContext(objEnvironment, null);

And for the removal from the group:

Connection objActiveDirectory;
ModificationItem objModificationItem[];
objModificationItem = new ModificationItem[1];
objModificationItem[0]= new ModificationItem(LdapContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", <user e-mail>));
objActiveDirectory = new Connection("LDAPS://<domain>:636", <username>, <password>);
objActiveDirectory.getContext().modifyAttributes(<group distinguishedname>, objModificationItem);
objActiveDirectory.close();

Any ideas on how I should approach this problem?

1 answer:

Answer 0: (score: 2)

You need to replace <user e-mail> with the user's distinguished name
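
The `member` attribute of a group holds distinguished names, so an e-mail address has to be resolved to a DN before the removal. The following is an added example, not code from the question or the answer: the class name, method names, the sample DN, and the assumption that `baseDn` is an OU containing the user accounts are all hypothetical. The lookup passes the address as a JNDI filter argument so that it is escaped rather than concatenated into the filter.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example; all names here are hypothetical, not from the original post.
public class GroupMemberRemoval {

    // Resolve a mail address to exactly one distinguished name.
    // baseDn is assumed to be an OU that contains the user accounts.
    static String findUserDn(DirContext ctx, String baseDn, String mail) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]); // only the DN is needed
        // {0} is filled in by JNDI with filter escaping applied, so input
        // such as "*" or ")(" cannot change the shape of the filter.
        NamingEnumeration<SearchResult> hits = ctx.search(
                baseDn, "(&(objectClass=user)(mail={0}))", new Object[] { mail }, sc);
        try {
            if (!hits.hasMore()) throw new NamingException("no user with mail " + mail);
            String dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) throw new NamingException("mail is not unique: " + mail);
            return dn;
        } finally {
            hits.close();
        }
    }

    // Build the modification: remove one DN value from the group's member attribute.
    static ModificationItem[] removal(String userDn) {
        return new ModificationItem[] { new ModificationItem(
                DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", userDn)) };
    }

    static void removeByMail(DirContext ctx, String baseDn, String groupDn, String mail)
            throws NamingException {
        ctx.modifyAttributes(groupDn, removal(findUserDn(ctx, baseDn, mail)));
    }

    public static void main(String[] args) {
        // Constructed DN; no directory connection is made in this demo.
        ModificationItem[] mods = removal("CN=Jane Doe,OU=Staff,DC=example,DC=com");
        System.out.println(mods[0]);
    }
}
```

With a live context, such as the `InitialLdapContext` built in the question, `removeByMail` performs the lookup and the removal in sequence.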