Tagged: ,

This topic has 8 replies, 3 voices, and was last updated 5 years, 3 months ago by rakeshuce.

  • Author
    Posts
  • #15687
     gautamkct
    Participant

    Hi Team,

    Can you please help me with disable OpenDJ user from Java API.I tried with below code but it doesn’t seems to be working

    new BasicAttribute("ds-pwp-account-disabled", true);

    However from OPenDJ server i could disable user from below command.

    $./manage-account \
    set-account-is-disabled \
    –port 4444 \
    –bindDN “uid=testuser,ou=people,dc=example,dc=com” \
    –bindPassword bribery \
    –operationValue true \
    –targetDN uid=rootuser,ou=people,dc=example,dc=com \
    –trustAll
    Account Is Disabled: true

    Thanks
    Gautam

    #15688
     Ludo
    Moderator

    What does it mean, it doesn’t seem to be working ?
    Do you get an error when trying to add the attribute ?
    How do you check if the account is disabled ?

    #15689
     gautamkct
    Participant

    Thanks for prompt response.

    Please find my answers.

    What does it mean, it doesn’t seem to be working ?
    I could set value using modifications but while getting it always shows attrs.get("get-account-is-disabled") and attrs.get("ds-pwp-account-disabled")) as null

    Do you get an error when trying to add the attribute ?
    No error

    How do you check if the account is disabled ?
    I can check from OPenDJ server using “get-account-is-disabled ” but from Java not sure how to disable and enable user.Looking for some help here

    • This reply was modified 5 years, 6 months ago by gautamkct.
    • This reply was modified 5 years, 6 months ago by gautamkct.
    • This reply was modified 5 years, 6 months ago by gautamkct.
    #15693
     Ludo
    Moderator

    There is no such thing as a "get-account-is-disabled" attribute.
    The "ds-pwp-account-disabled" attribute is an operational attribute. It must be requested specifically in the search request, and then the attrs.get() method will return it.
    Please check the Directory Server’s schema for the complete definition of these attributes.

    #15694
     gautamkct
    Participant

    Thanks for reply.

    I tried with “ds-pwp-account-disabled”` attribute but no luck.
    Please find below code snippet as well

    
    Properties properties = new Properties();	
    properties.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    properties.put(Context.PROVIDER_URL, "ldap://127.0.0.1:1389");
    properties.put(Context.SECURITY_AUTHENTICATION,"simple");
    properties.put(Context.SECURITY_PRINCIPAL,"cn=Directory Manager"); 
    properties.put(Context.SECURITY_CREDENTIALS,"[email protected]");   
    
    DirContext context = new InitialDirContext(properties);
    Attributes attrs = context.getAttributes("uid=334455678,ou=users,dc=example,dc=com");
    System.out.println("USer Status: " + attrs.get("ds-pwp-account-disabled"));

    Thanks In advance.

    Thanks
    Gautam

    • This reply was modified 5 years, 6 months ago by gautamkct.
    • This reply was modified 5 years, 6 months ago by gautamkct.
    #15702
     gautamkct
    Participant

    Hi Ludo,

    Could you please suggest any pointer or link.

    Thanks
    Gautam Sharma

    #15705
     Ludo
    Moderator

    JNDI Tutorial :

    Operational Attributes

    Some directories have the notion of “operational attributes” which are attributes associated with a directory object for administrative purposes. An example of operational attributes is the access control list for an object.

    In the getAttributes() and search() methods, you can specify that all attributes associated with the requested objects be returned by supply null as the list of attributes to return. The attributes returned do not include operational attributes. In order to retrieve operational attributes, you must name them explicitly.

    #15710
     gautamkct
    Participant

    Thanks Ludo For information.

    I could actually update user status from java JNDI and once disabled user is not able to authenticate which is desired behavior.

    sample code snippet for reference
    Attribute mod0 = new BasicAttribute("ds-pwp-account-disabled", "true");

    Thanks
    Gautam Sharma

    #16929
     rakeshuce
    Participant

    Hi Gautam,
    The code snippet allows you to create a user with this operational attribute.
    What if the user is created by some body else and you are only responsible for retrieval .

    SearchResult srLdapUser = findAccountByAccountName(dirCtx, ldapSearchBase, ldapAccountToLookup);
    System.out.print(“The search result is” + srLdapUser.getAttributes());
    The srLdapUser.getAttributes() does not contain any attribute “ds-pwp-account-disabled”. how did u make it work in your case .?

    thanks
    Rakesh

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?