
LDAP "unable to add entry because its parent entry"

  • asdads

    asdads - 2018-03-15

    I need to be able to log in with uidnumber and uid, but I keep getting errors like:

    testCreateEmployee(com.companyName.personnel.services.EmployeeServiceImplTest)  Time elapsed: 0.021 sec  <<< ERROR!
    java.lang.NullPointerException: null
        at com.companyName.personnel.services.EmployeeServiceImplTest.tearDown(EmployeeServiceImplTest.java:60)
    
    testCreateEmployeeFailsWhenNoMandatorycomelds(com.companyName.personnel.services.EmployeeServiceImplTest)  Time elapsed: 0.02 sec  <<< ERROR!
    com.unboundid.ldap.sdk.LDAPException: Unable to add entry 'uidnumber=1,uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com' because its parent entry 'uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com' does not exist in the server.
        at com.unboundid.ldap.listener.InMemoryRequestHandler.addEntry(InMemoryRequestHandler.java:4027)
        at com.unboundid.ldap.listener.InMemoryRequestHandler.importFromLDIF(InMemoryRequestHandler.java:3848)
        at com.unboundid.ldap.listener.InMemoryDirectoryServer.importFromLDIF(InMemoryDirectoryServer.java:1216)
        at com.companyName.personnel.utils.companyNameInMemoryDirectoryServer.init(companyNameInMemoryDirectoryServer.java:37)
        at com.companyName.personnel.services.EmployeeServiceImplTest.setUp(EmployeeServiceImplTest.java:43)
    

    My LDAP code that does not work:

    dn: uidnumber=1,uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com
    activestatus: TRUE
    cn: John smith
    gidnumber: 5002
    givenname: John
    homedirectory: /home/johnsmith
    loginshell: /bin/bash
    mail: john.smith@companyName.com
    objectclass: inetOrgPerson
    objectclass: companyNamePerson
    objectclass: pwmUser
    objectclass: top
    objectclass: posixAccount
    sn: smith
    telephonenumber: +123123123
    title: Software Developer
    uid: johnsmith
    uidnumber: 1
    

    The program is made with Java + Spring/Maven. Any help is appreciated!

     
  • Neil Wilson

    Neil Wilson - 2018-03-15

    An LDAP DN (distinguished name) is like an absolute path on a filesystem. Not only does it uniquely identify an entry in the server, but it also tells you where it is in the Directory Information Tree (DIT). The DN that you're providing is "uidnumber=1,uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com", which should be the immediate child of "uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com", which should itself be the immediate child of "ou=people,o=companyName,dc=companyName,dc=com", and so on. You can't add an entry unless its immediate parent entry exists (unless you're adding one of the base entries of the server, called naming context or suffix entries, since they don't have parents).

    In this case, however, it looks like the DN that you're providing probably isn't what you actually want to use. It's probably not the case that you want that particular user entry, which defines a user with a uid of johnsmith, immediately below another entry with a uid of johnsmith. In your case, you probably want to just leave the "uidnumber=1," portion off of the DN. The uidnumber attribute is present in the entry that you're adding, and it probably doesn't really need to be in the DN. So I'd try adding the entry with just a DN of "uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com".

    If you do that and you still get a similar error, but this time saying that parent entry "ou=people,o=companyName,dc=companyName,dc=com" doesn't exist, then it means that you don't have the right base DIT in place and you need to add the necessary directory structure entries before adding the user entries.

     
    • asdads

      asdads - 2018-03-15

      Thanks for the answer, but the whole point of this problem is that I need to be able to use uidnumber and uid to log in. (Currently uid is being used for logging in.)

       

      Last edit: asdads 2018-03-15
  • Neil Wilson

    Neil Wilson - 2018-03-15

    Wanting to be able to use the uidnumber attribute to authenticate a user doesn't mean that you necessarily need to include uidnumber in the DN of the entry. Properly designed LDAP client applications should not make any assumptions whatsoever about which attribute(s) appear in an entry's DN. Assuming that the application is using LDAP simple authentication, then it should perform the authentication with a process that does something like:

    1. Perform a search to find the desired entry based on the identifier supplied by the user. For example, if you want the user to be able to specify the value of either the uid or uidnumber attribute, and the user enters a value of "1", then that search might use a filter like "(|(uid=1)(uidnumber=1))".
    2. Perform a bind with the DN of the entry identified by the search and the password supplied by the user.

    Applications should never try to construct the DN for the target user entry because that locks you into a very specific pattern that prevents any kind of flexibility in the future. However, even if you do have one of those very poorly designed clients that does try to construct the DN, then you still don't want to put both uidnumber and uid in the DN because that means that the user would have to know and supply both of those values, when I assume that you want to allow the user to enter either one but not have to provide both.

    In the unlikely event that you actually do want to provide both uid and uidnumber in the DN, then you could use that by constructing a multivalued RDN by separating the components with a plus sign. In that case, instead of "uidnumber=1,uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com", you would have "uidnumber=1+uid=johnsmith,ou=people,o=companyName,dc=companyName,dc=com". However, I strongly discourage doing this because multivalued RDNs aren't very common and many clients don't deal with them properly.
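    The search-then-bind flow described above, as an added example written for this thread (not code from the original post or from the UnboundID project) in Java against the UnboundID LDAP SDK in-memory server that the poster's stack trace shows is already in use. It assumes the SDK is on the classpath, disables schema checking so the constructed entries load without the custom companyNamePerson class, and uses a constructed userPassword value; the DN layout is the one from the thread, with uidnumber kept as an ordinary attribute rather than part of the DN.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.*;
public class SearchThenBindExample {
    static final String BASE_DN = "ou=people,o=companyName,dc=companyName,dc=com";
    // Step 1: locate exactly one entry whose uid OR uidNumber equals what the user typed.
    // createEqualityFilter escapes the value, so input such as "*" cannot widen the match,
    // and the DN comes back from the server instead of being constructed by the client.
    static String findUserDN(LDAPConnection conn, String identifier) throws LDAPException {
        Filter filter = Filter.createORFilter(
                Filter.createEqualityFilter("uid", identifier),
                Filter.createEqualityFilter("uidNumber", identifier));
        SearchResult result = conn.search(BASE_DN, SearchScope.SUB, filter, "1.1");
        // No match, or an ambiguous identifier: refuse rather than pick one.
        return result.getEntryCount() == 1 ? result.getSearchEntries().get(0).getDN() : null;
    }
    // Step 2: bind as the discovered DN with the supplied password on its own connection.
    static boolean authenticate(InMemoryDirectoryServer ds, String identifier, String password)
            throws LDAPException {
        if (password == null || password.isEmpty()) {
            return false; // RFC 4513: a DN with an empty password is an unauthenticated bind
        }
        String dn;
        try (LDAPConnection serviceConn = ds.getConnection()) { dn = findUserDN(serviceConn, identifier); }
        if (dn == null) return false;
        try (LDAPConnection userConn = ds.getConnection()) {
            return userConn.bind(new SimpleBindRequest(dn, password)).getResultCode() == ResultCode.SUCCESS;
        } catch (LDAPException e) {
            return false; // invalid credentials or other bind failure
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed directory: the base DIT from the thread plus one user whose DN carries
        // only uid; uidNumber is an ordinary attribute of the entry, not part of the DN.
        InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=companyName,dc=com");
        config.setSchema(null); // skip schema checks so no custom object classes are needed
        InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
        ds.add("dn: dc=companyName,dc=com", "objectClass: domain", "dc: companyName");
        ds.add("dn: o=companyName,dc=companyName,dc=com", "objectClass: organization", "o: companyName");
        ds.add("dn: " + BASE_DN, "objectClass: organizationalUnit", "ou: people");
        ds.add("dn: uid=johnsmith," + BASE_DN, "objectClass: inetOrgPerson", "objectClass: posixAccount",
                "uid: johnsmith", "uidNumber: 1", "cn: John smith", "sn: smith", "userPassword: s3cret");
        ds.startListening();
        System.out.println("uid login:       " + authenticate(ds, "johnsmith", "s3cret"));
        System.out.println("uidNumber login: " + authenticate(ds, "1", "s3cret"));
        System.out.println("empty password:  " + authenticate(ds, "1", ""));
        ds.shutDown(true);
    }
}
```

    Against a real server, replace ds.getConnection() with a connection to that server; the search connection should be bound as a low-privilege service account and the user bind kept on a separate connection so a failed login never leaves the service connection in an unbound state.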

     
    • asdads

      asdads - 2018-03-15

      Changing login to uidnumber only works too, but I'm not sure how to do it. Can you help with this? I am new to LDAP.

       

      Last edit: asdads 2018-03-15
