Reputation: 307
I'm trying to create a user with a password in the Active Directory installed in a virtual machine. I have imported the certificate generated from the Active Directory into the JVM that runs in the IntelliJ IDE.
C:\Program Files\Java\jdk-13.0.1\bin>keytool -import -trustcacerts -keystore "C:\Program Files\Java\jdk-13.0.1\lib\security\cacerts" -storepass changeit -noprompt -alias certificadoAD -file "C:\Users\sandBox\Downloads\CertificadoAD.cer"
An ldaps:// connection is established; nonetheless I get the error:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A1262, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=IGiveUp,ou=_Estagiarios,ou=usuarios,ou=_SUPERIOR,dc=my,dc=domain,dc=com,dc=br'
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3231)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3104)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2895)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:424)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:299)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:217)
at java.naming/javax.naming.directory.InitialDirContext.bind(InitialDirContext.java:211)
Java code:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.springframework.ldap.support.LdapNameBuilder;

// Class name added for this listing; the original snippet showed only the two methods.
public class CreateAdUser {

    public static void main(String[] args) {
        Hashtable<String, Object> env = new Hashtable<String, Object>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://192.168.15.8:636/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Administrator,cn=Users,dc=my,dc=domain,dc=com,dc=br");
        env.put(Context.SECURITY_CREDENTIALS, "1Q2W3E4R!");
        try {
            // Turns off hostname verification of the AD server certificate for this JVM
            System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true");
            DirContext ctx = new InitialDirContext(env);
            Name dn = LdapNameBuilder.newInstance("dc=my,dc=domain,dc=com,dc=br")
                    .add("ou", "_SUPERIOR")
                    .add("ou", "usuarios")
                    .add("ou", "_Estagiarios")
                    .add("cn", "IGiveUp")
                    .build();
            // LDAP add of the new entry; this is the call that fails with error 53
            ctx.bind(dn, null, buildAttributes());
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }

    private static Attributes buildAttributes() {
        BasicAttribute ocattr = new BasicAttribute("objectclass");
        ocattr.add("top");
        ocattr.add("person");
        ocattr.add("organizationalPerson");
        ocattr.add("User");
        Attributes attrs = new BasicAttributes();
        attrs.put(ocattr);
        attrs.put("uid", "IGiveUp");
        attrs.put("cn", "IGiveUp");
        attrs.put("sn", "IGiveUp");
        attrs.put("givenName", "IGiveUp");
        attrs.put("pwdLastSet", "-1");
        attrs.put("userAccountControl", "512");
        // Password sent as a plain Java String (this is the value AD rejects)
        attrs.put("unicodePwd", "1Q2W3E4R");
        return attrs;
    }
}
The same error occurs when using Spring Boot:
application.properties:
#External LDAP directory config:
# ============================================================================
spring.ldap.urls=ldaps://192.168.15.8:636
spring.ldap.base=dc=my,dc=domain,dc=com,dc=br
spring.ldap.username=cn=Administrator,cn=Users,dc=my,dc=domain,dc=com,dc=br
spring.ldap.password=1Q2W3E4R!
Java code:
// ProjectApplication.java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class ProjectApplication {
    public static void main(String[] args) {
        // Turns off hostname verification of the AD server certificate for this JVM
        System.setProperty("com.sun.jndi.ldap.object.disableEndpointIdentification", "true");
        SpringApplication.run(ProjectApplication.class, args);
    }
}

// AdUserService.java (class name and the injected LdapTemplate field added for this listing;
// the original snippet showed only the createUser method)
import javax.naming.Name;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.support.LdapNameBuilder;
import org.springframework.stereotype.Service;

@Service
public class AdUserService {

    @Autowired
    private LdapTemplate ldapTemplate; // auto-configured from the spring.ldap.* properties above

    public void createUser(String username, String password) {
        // Relative to spring.ldap.base, so the full DN ends in dc=my,dc=domain,dc=com,dc=br
        Name dn = LdapNameBuilder.newInstance()
                .add("ou", "_SUPERIOR")
                .add("ou", "usuarios")
                .add("ou", "_Estagiarios")
                .add("cn", username)
                .build();
        DirContextAdapter context = new DirContextAdapter(dn);
        context.setAttributeValues("objectclass", new String[] {
                "top",
                "person",
                "organizationalPerson",
                "User"
        });
        context.setAttributeValue("cn", username);
        context.setAttributeValue("sn", username);
        context.setAttributeValue("userAccountControl", "512");
        context.setAttributeValue("pwdLastSet", "-1");
        context.setAttributeValue("sAMAccountName", "qpwoeiruty");
        // Password sent as a plain Java String (this is the value AD rejects)
        context.setAttributeValue("unicodePwd", password);
        ldapTemplate.bind(context);
    }
}
Upvotes: 0
Views: 2366
Reputation: 307
I found the solution in this link:
Getting WILL_NOT_PERFORM error when trying to enable user via LDAP
import java.nio.charset.StandardCharsets;

String password = "1Q2W3E4Rf!";
// AD only accepts unicodePwd as the password wrapped in double quotes, encoded as UTF-16LE, sent as bytes.
// StandardCharsets.UTF_16LE is the same charset as the string name "UTF-16LE" but avoids the checked exception.
final byte[] quotedPasswordBytes = ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
attrs.put("unicodePwd", quotedPasswordBytes);
Spring Boot:
final byte[] quotedPasswordBytes = ('"' + password + '"').getBytes(StandardCharsets.UTF_16LE);
context.setAttributeValue("unicodePwd", quotedPasswordBytes); // byte[] is sent as a binary attribute value
ldapTemplate.bind(context);
Upvotes: 0
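As an added example (not code from the question or the answer), a small helper that produces the unicodePwd value the fix above relies on, with a known-answer check of the exact bytes and, for comparison, the two encodings that do not match what AD requires. The class and method names are my own; it does not talk to a directory, so it runs offline.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Builds the value AD expects in unicodePwd: "<password>" with the ASCII double quotes, UTF-16LE, no BOM. */
public final class UnicodePwd {

    private UnicodePwd() {}

    /** Takes a char[] so the cleartext password never has to become an immutable, pooled String. */
    public static byte[] encode(char[] password) {
        if (password == null || password.length == 0) {
            throw new IllegalArgumentException("password must not be empty");
        }
        char[] quoted = new char[password.length + 2];
        quoted[0] = '"';
        System.arraycopy(password, 0, quoted, 1, password.length);
        quoted[quoted.length - 1] = '"';
        ByteBuffer bb = StandardCharsets.UTF_16LE.encode(CharBuffer.wrap(quoted));
        byte[] value = new byte[bb.remaining()];
        bb.get(value);
        Arrays.fill(quoted, '\0'); // scrub the quoted copy; the caller scrubs its own array
        return value;
    }

    /** Hex view of a value, for checking what is actually put on the wire inside the LDAPS session. */
    public static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x ", x & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        byte[] ok = encode("Ab".toCharArray());
        // Known answer: '"', 'A', 'b', '"' as little-endian 16-bit code units
        byte[] expected = {0x22, 0x00, 0x41, 0x00, 0x62, 0x00, 0x22, 0x00};
        System.out.println("unicodePwd  : " + hex(ok) + (Arrays.equals(ok, expected) ? "  (ok)" : "  (MISMATCH)"));

        // Values that do not match the required form, for comparison:
        byte[] noQuotes = "Ab".getBytes(StandardCharsets.UTF_16LE);       // quotes missing
        byte[] wrongCharset = "\"Ab\"".getBytes(StandardCharsets.UTF_16); // BOM + big-endian, not UTF-16LE
        byte[] plainString = "\"Ab\"".getBytes(StandardCharsets.UTF_8);   // what a Java String attribute sends
        System.out.println("no quotes   : " + hex(noQuotes));
        System.out.println("UTF-16 (BE) : " + hex(wrongCharset));
        System.out.println("UTF-8       : " + hex(plainString));
    }
}
```

Pass the returned byte[] straight to attrs.put("unicodePwd", ...) or context.setAttributeValue("unicodePwd", ...); the connection still has to be ldaps:// (or otherwise encrypted), since AD refuses to set a password over a cleartext session.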