NAMING_VIOLATION when trying to add DN

apca...@gmail.com

Jun 16, 2017, 2:49:03 PM
to ldaptive
I am attempting to add a new DN to our Active Directory without luck. I seem to be stuck on a NAMING_VIOLATION and neither our AD admin nor I can figure out any problems with the name. I am able to modify entries on existing DNs as well as bind/search entries, but cannot add anything. The bindDN has full control so there shouldn't be permission issues.

Here is the relevant code.

try (Connection conn = createConnection()) {
  LdapEntry entry = new LdapEntry("CN=s_test,OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com",
    new LdapAttribute("cn", "s_test"),
    new LdapAttribute("objectCategory", "CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com"),
    new LdapAttribute("objectClass", "user"),
    new LdapAttribute("objectClass", "organizationalPerson"),
    new LdapAttribute("objectClass", "person"),
    new LdapAttribute("objectClass", "top"),
    new LdapAttribute("userAccountControl", "514")
  );

  AddOperation addOperation = new AddOperation(conn);
  addOperation.execute(new AddRequest(entry.getDn(), entry.getAttributes()));
}


Daniel Fisher

Jun 16, 2017, 2:58:25 PM
to ldap...@googlegroups.com
If your AD admin doesn't know, I'm not sure how much help I'll be.
However, post the stack trace and I'll take a look.

--Daniel Fisher


Adam C

Jun 16, 2017, 3:08:30 PM
to ldaptive
Sorry I meant to post that in the original post. Here you go:

[org.ldaptive.LdapException@438589491::resultCode=NAMING_VIOLATION, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, message=javax.naming.InvalidNameException: CN=s_test,OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com: [LDAP: error code 64 - 00002099: NameErr: DSID-030510C7, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com'
'OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com'
    at org.ldaptive.provider.ProviderUtils.throwOperationException(ProviderUtils.java:55)
    at org.ldaptive.provider.jndi.JndiConnection.processNamingException(JndiConnection.java:619)
    at org.ldaptive.provider.jndi.JndiConnection.add(JndiConnection.java:326)
    at org.ldaptive.AddOperation.invoke(AddOperation.java:28)
    at org.ldaptive.AddOperation.invoke(AddOperation.java:9)
    at org.ldaptive.AbstractOperation.execute(AbstractOperation.java:126)
    at edu.vcu.ldap.LdapServiceImpl.createAccount(LdapServiceImpl.java:153)
    at edu.vcu.ldap.LdapServiceImpl.createAccount(LdapServiceImpl.java:137)
    at edu.vcu.ldap.test.LdapServiceIT.createAccountTest(LdapServiceIT.java:78)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
    at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
    at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:252)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:94)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
    at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:191)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:678)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: javax.naming.InvalidNameException: CN=s_test,OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com: [LDAP: error code 64 - 00002099: NameErr: DSID-030510C7, problem 2005 (NAMING_VIOLATION), data 0, best match of:
'OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com'
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3074)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
    at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:812)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:341)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:268)
    at org.ldaptive.provider.jndi.JndiConnection.add(JndiConnection.java:315)
    ... 35 more

Daniel Fisher

Jun 17, 2017, 9:52:30 PM
to ldap...@googlegroups.com
My first guess is that underscore '_' isn't an allowed character for the CN attribute.

--Daniel Fisher

Adam C

Jun 26, 2017, 11:51:15 AM
to ldaptive
The problem was with the objectClass attribute. Instead of creating a separate LdapAttribute object for each objectClass I should have been creating a single LdapAttribute object with multiple values. If you set it up as separate objects it only uses the last one. In my case it was trying to create the LdapEntry with a single objectClass of "top"; however, the "user" objectClass is required. Here's the corrected code:

LdapEntry entry = new LdapEntry("CN=s_test,OU=Secondary Accounts,OU=Enterprise Applications,DC=testad,DC=ad,DC=example,DC=com",
  new LdapAttribute("cn", "s_test"),
  new LdapAttribute("objectCategory", "CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com"),
  new LdapAttribute("objectClass", "user", "organizationalPerson", "person", "top"),
  new LdapAttribute("userAccountControl", "514")
);
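
The behaviour described in the last post can be inspected without a directory server. The following is an added example, not code from the thread or from ldaptive itself: it assumes the ldaptive 1.x API used above is on the classpath, and `mergeByName`, `sample` and the class name are hypothetical names introduced here. It goes slightly beyond the objectClass case by folding any repeated string attribute into one multi-valued attribute.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import org.ldaptive.LdapAttribute;
import org.ldaptive.LdapEntry;
public class MergeAttributesExample {

  // Hypothetical helper (not part of ldaptive): folds attributes that share a
  // name into one multi-valued attribute so none is silently replaced.
  static LdapAttribute[] mergeByName(LdapAttribute... attrs) {
    Map<String, LdapAttribute> merged = new LinkedHashMap<>();
    for (LdapAttribute a : attrs) {
      // LDAP attribute names are case-insensitive, so key on the lower-cased name.
      String key = a.getName().toLowerCase(Locale.ROOT);
      LdapAttribute first = merged.get(key);
      if (first == null) {
        merged.put(key, a);
      } else if (first.isBinary() || a.isBinary()) {
        throw new IllegalArgumentException("duplicate binary attribute: " + a.getName());
      } else {
        // Mutates the first attribute seen with this name.
        first.addStringValues(a.getStringValues());
      }
    }
    return merged.values().toArray(new LdapAttribute[0]);
  }

  // Constructed sample: the attribute list from the first post, fresh objects per call.
  static LdapAttribute[] sample() {
    return new LdapAttribute[] {
      new LdapAttribute("cn", "s_test"),
      new LdapAttribute("objectCategory", "CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=example,DC=com"),
      new LdapAttribute("objectClass", "user"),
      new LdapAttribute("objectClass", "organizationalPerson"),
      new LdapAttribute("objectClass", "person"),
      new LdapAttribute("objectClass", "top"),
      new LdapAttribute("userAccountControl", "514"),
    };
  }

  public static void main(String[] args) {
    String dn = "CN=s_test,OU=Secondary Accounts,OU=Enterprise Applications,"
        + "DC=testad,DC=ad,DC=example,DC=com";
    LdapEntry separate = new LdapEntry(dn, sample());
    LdapEntry merged = new LdapEntry(dn, mergeByName(sample()));
    System.out.println("separate: " + separate.getAttribute("objectClass").getStringValues());
    System.out.println("merged:   " + merged.getAttribute("objectClass").getStringValues());
  }
}
```

Printing the objectClass values of an entry before passing it to an AddRequest shows what the server will actually receive, which is the quickest way to spot this kind of mismatch.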
