This topic has 8 replies, 3 voices, and was last updated 5 years, 3 months ago by 
-
Posts
-
Hi Team,
Can you please help me with disable OpenDJ user from Java API.I tried with below code but it doesn’t seems to be working
new BasicAttribute("ds-pwp-account-disabled", true);However from OPenDJ server i could disable user from below command.
$./manage-account \
set-account-is-disabled \
–port 4444 \
–bindDN “uid=testuser,ou=people,dc=example,dc=com” \
–bindPassword bribery \
–operationValue true \
–targetDN uid=rootuser,ou=people,dc=example,dc=com \
–trustAll
Account Is Disabled: trueThanks
GautamWhat does it mean, it doesn’t seem to be working ?
Do you get an error when trying to add the attribute ?
How do you check if the account is disabled ?Thanks for prompt response.
Please find my answers.
What does it mean, it doesn’t seem to be working ?
I could set value using modifications but while getting it always showsattrs.get("get-account-is-disabled")andattrs.get("ds-pwp-account-disabled"))as nullDo you get an error when trying to add the attribute ?
No errorHow do you check if the account is disabled ?
I can check from OPenDJ server using “get-account-is-disabled ” but from Java not sure how to disable and enable user.Looking for some help hereThere is no such thing as a
"get-account-is-disabled"attribute.
The"ds-pwp-account-disabled"attribute is an operational attribute. It must be requested specifically in the search request, and then theattrs.get()method will return it.
Please check the Directory Server’s schema for the complete definition of these attributes.Thanks for reply.
I tried with “ds-pwp-account-disabled”` attribute but no luck.
Please find below code snippet as wellProperties properties = new Properties(); properties.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory"); properties.put(Context.PROVIDER_URL, "ldap://127.0.0.1:1389"); properties.put(Context.SECURITY_AUTHENTICATION,"simple"); properties.put(Context.SECURITY_PRINCIPAL,"cn=Directory Manager"); properties.put(Context.SECURITY_CREDENTIALS,"[email protected]"); DirContext context = new InitialDirContext(properties); Attributes attrs = context.getAttributes("uid=334455678,ou=users,dc=example,dc=com"); System.out.println("USer Status: " + attrs.get("ds-pwp-account-disabled"));Thanks In advance.
Thanks
GautamJNDI Tutorial :
Operational Attributes
Some directories have the notion of “operational attributes” which are attributes associated with a directory object for administrative purposes. An example of operational attributes is the access control list for an object.
In the getAttributes() and search() methods, you can specify that all attributes associated with the requested objects be returned by supply null as the list of attributes to return. The attributes returned do not include operational attributes. In order to retrieve operational attributes, you must name them explicitly.
Thanks Ludo For information.
I could actually update user status from java JNDI and once disabled user is not able to authenticate which is desired behavior.
sample code snippet for reference
Attribute mod0 = new BasicAttribute("ds-pwp-account-disabled", "true");Thanks
Gautam SharmaHi Gautam,
The code snippet allows you to create a user with this operational attribute.
What if the user is created by some body else and you are only responsible for retrieval .SearchResult srLdapUser = findAccountByAccountName(dirCtx, ldapSearchBase, ldapAccountToLookup);
System.out.print(“The search result is” + srLdapUser.getAttributes());
The srLdapUser.getAttributes() does not contain any attribute “ds-pwp-account-disabled”. how did u make it work in your case .?thanks
Rakesh
You must be logged in to reply to this topic.
