Pallavi

Reputation: 11

JAVA_LDAP: Removing user from group

I am trying to remove a user from an LDAP group using Java code. Though it seems to be very simple, it is throwing errors with the member and uniquemember attributes.

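    import javax.naming.NamingException;
    import javax.naming.directory.*;

    public String removeGroupMembership(InitialDirContext ctx, String sGroup, String sMember) {
        String status = "";
        System.out.println("entered removeGroupMembership:" + sGroup);
        System.out.println("The member to be removed is: " + sMember);
        ModificationItem[] mods = new ModificationItem[1];
        mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", sMember)); // remove one value
        try {
            ctx.modifyAttributes(sGroup, mods);
            System.out.println("Group Modified");
            status = "success"; // status strings are illustrative; the original snippet is cut off here
        } catch (NamingException e) {
            status = "failed: " + e.getMessage();
        }
        return status;
    }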

Error 1, for member:

    javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - Failed to find member in mandatory or optional attribute list.]; remaining name 'cn=........'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3166)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
        at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
        at test.bulk.RemoveGroupFromUser.removeGroupMembership(RemoveGroupFromUser.java:69)
        at test.bulk.RemoveGroupFromUser.main(RemoveGroupFromUser.java:32)

Error 2, for uniqueMember:

    javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=........'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3156)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
        at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
        at test.bulk.RemoveGroupFromUser.removeGroupMembership(RemoveGroupFromUser.java:69)
        at test.bulk.RemoveGroupFromUser.main(RemoveGroupFromUser.java:32)

Upvotes: 1

Views: 3585

Answers (1)

Roshith

Reputation: 2175

  1. Make sure the group entry has the 'uniquemember' or 'member' attribute.
  2. Make sure you pass the complete DN of the member to be deleted. E.g.: cn=userMember,ou=xy,dc=xyx,dc=xzx
  3. Make sure you are authorized (have admin privilege) to delete/update directory entries. E.g., for SunOne LDAP only cn=Directory Manager has the privilege to create/delete/update entries.

Upvotes: 2
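The first two checks in the answer above, as an added example that is not code from the question or the answer: it reads the group entry, finds which of the two membership attributes actually holds the member's DN, and removes the value exactly as the server stores it. The class and method names are hypothetical, and `ctx` is assumed to be already bound as an account that is allowed to modify the group; if it is not, `modifyAttributes` throws a `NamingException` that propagates to the caller.

```java
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapName;

public final class GroupMembership {   // hypothetical helper class
    // Attribute names taken from the question; which one applies depends on the group's object class.
    private static final String[] MEMBER_ATTRS = {"member", "uniqueMember"};

    /** Returns the attribute the DN was removed from, or null if the DN is not a member. */
    public static String removeMember(DirContext ctx, String groupDn, String memberDn)
            throws NamingException {
        LdapName wanted = new LdapName(memberDn);   // throws InvalidNameException if not a valid DN
        Attributes attrs = ctx.getAttributes(groupDn, MEMBER_ATTRS);
        for (String name : MEMBER_ATTRS) {
            Attribute attr = attrs.get(name);
            if (attr == null) continue;             // group does not carry this attribute (cf. error 65)
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) {
                String stored = values.next().toString();
                if (sameDn(stored, wanted)) {
                    // Remove the value exactly as stored so the server can match it (cf. error 16).
                    ModificationItem[] mods = {
                        new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                                             new BasicAttribute(attr.getID(), stored))
                    };
                    ctx.modifyAttributes(groupDn, mods);
                    return attr.getID();
                }
            }
        }
        return null;
    }

    private static boolean sameDn(String stored, LdapName wanted) {
        try {
            return new LdapName(stored).equals(wanted);  // ignores case and spacing differences
        } catch (InvalidNameException e) {
            return false;                                 // stored value is not a plain DN
        }
    }
}
```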
