Spring LDAP and MemberOf

Question

I m actually building an application that deals with a LDAP using Spring (http://projects.spring.io/spring-ldap/)

I m having some trouble when trying to modify the memberOf property.

In fact, when I modify my user without modifying the memberOf property, the modification is well taken in care.

When I try to modify my memberOf property using a List(String) with :

CN=Administrateurs,CN=Builtin,DC=<dc>,DC=<dc>
CN=Utilisateurs,CN=Builtin,DC=<dc>,DC=<dc>

, I got something like this error :

javax.naming.OperationNotSupportedException : Error while updating user XXX YYY - matricule AAAAAAA: [LDAP: error code 53 - 0000209A: SvcErr: DSID-031A10E7, problem 5003 (WILL_NOT_PERFORM), data 0

From now :

• I m having root rights on the LDAP
• I m able to modify other properties but not this one
• I send the value at a good format (List(String) with good entry)

Answer 1

The memberOf property is read-only to you. It is maintained automatically when you add a roleOccupant or uniqueMember to a group, depending on your schema. So do that.

Answer 2

Since you're not providing any code it's hard to pinpoint the exact problem in your case, however a common problem when working with attributes that represent distinguished names (such as the memberOf attribute) is that you need to take extra care when updating in order to avoid duplicates.

In short, you need to tell Spring LDAP that this particular attribute represents distinguished names, by working with Name instances rather than plain strings.

The problem (and solution) is described in the reference documentation here (for non-ODM-solutions) and here (for ODM).