I have multiple domain controllers configured and want to modify user attributes of users within all domains.
My config looks like this:
<bean id="writeLdapContextSource"
      class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://123.12.123.3:389" />
    <property name="base" value="" />
    <property name="userDn" value="domainx\userabc" />
    <property name="password" value="secret124" />
    <property name="pooled" value="false"/>
    <property name="referral" value="follow"/>
</bean>
I can successfully modify users within the local domain. It's no problem.
But if I try to modify users in a different domain, I get an error message.
Note: the LDAP service user "domainx\userabc" has the correct authorization to do modifications in all domains.
Examples:
1.) Modification of an attribute of a user in another domain
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00000057: LdapErr: DSID-0C04214C, comment: Error in attribute conversion operation, data 0, v1db1
2.) Changed the configuration to use Port 3268 instead of 389
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002035: LdapErr: DSID-0C090B45, comment: Operation not allowed through GC port, data 0, v1db1
Note: I'm able to modify user attributes in the local domain. So my code for modification is correct.
Snippet:
DirContextOperations context = writeLdapTemplate.lookupContext(ldapUser.getDistinguishedName());
context.addAttributeValue(attributeName, attributeValue);
writeLdapTemplate.modifyAttributes(context);
This works perfectly for local domain users.
Does anyone have an idea what to do to be able to modify users in the other domains?
I also checked the user with LDAP Browser and he is able to see all domains...
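
Added example, not part of the original post: Active Directory accepts writes only on a domain controller of the domain that holds the object, and the global catalog port is read-only, as the second error above states. One way to route each modification is to derive the domain from the DC components of the user's DN and pick a writable DC for it. The class name, the `domainy` domain, the `example.com` suffix and the host names are constructed assumptions.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class WritableDcRouter {
    // DNS domain name -> LDAP URL of a writable DC in that domain (assumed mapping).
    private final Map<String, String> writableDcByDomain;

    public WritableDcRouter(Map<String, String> writableDcByDomain) {
        for (String url : writableDcByDomain.values()) {
            int port = URI.create(url).getPort();
            // 3268/3269 are the global catalog ports; the GC rejects modifications.
            if (port == 3268 || port == 3269) {
                throw new IllegalArgumentException("Global catalog port is read-only: " + url);
            }
        }
        this.writableDcByDomain = writableDcByDomain;
    }

    /** Builds the DNS domain name from the DC= components of a DN. */
    static String domainOf(String dn) throws InvalidNameException {
        List<String> labels = new ArrayList<>();
        // LdapName indexes RDNs right-to-left, so index 0 is the last DC (e.g. "com").
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if ("DC".equalsIgnoreCase(rdn.getType())) {
                labels.add(0, rdn.getValue().toString().toLowerCase(Locale.ROOT));
            }
        }
        return String.join(".", labels);
    }

    /** Returns the URL of a writable DC for the domain that owns the given DN. */
    public String urlFor(String dn) throws InvalidNameException {
        String domain = domainOf(dn);
        String url = writableDcByDomain.get(domain);
        if (url == null) throw new IllegalStateException("No writable DC configured for " + domain);
        return url;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample data.
        WritableDcRouter router = new WritableDcRouter(Map.of(
            "domainx.example.com", "ldap://dc1.domainx.example.com:389",
            "domainy.example.com", "ldaps://dc1.domainy.example.com:636"));
        System.out.println(router.urlFor("CN=Jane Doe,OU=Staff,DC=domainy,DC=example,DC=com"));
    }
}
```

Each URL would back its own `LdapContextSource` and `LdapTemplate`, so a modification is sent to a DC of the domain that owns the entry.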