将用户添加到ADAM中的角色时出错(发生了约束冲突。(HRESULT异常:0x8007202F)

时间:2023-01-26 02:59:34

I get the error when trying to add users to a group.

尝试将用户添加到组时出现错误。

A constraint violation occurred. (Exception from HRESULT: 0x8007202F)

发生了约束违规。 (HRESULT异常:0x8007202F)

public string addUserToGroup(string userDN, string groupDN)
{
    try
    {
        DirectoryEntry de = new DirectoryEntry("LDAP://localhost:389/" + groupDN);
        de.Username = "myUsername";
        de.Password = "myPassword";
        de.Properties["member"].Add(userDN);
        de.CommitChanges();
        de.Close();
        //return true;
        return "yes";
    }

I'm not sure if it has something to do with the way I have set-up ADAM since I have used application directory partitions. So I have a DN of CN=sandbox,DC=ITOrg I then have 3 directory partitions like so:

因为我使用了应用程序目录分区,所以我不确定它是否与我设置ADAM的方式有关。所以我有一个CN =沙箱,DC = ITOrg然后有3个目录分区,如下所示:

CN=sandbox,CN=testApp1,DC=ITOrg
CN=sandbox,CN=testApp2,DC=ITOrg  .. etc

I have my users stored only in CN=sandbox,DC=ITOrg but I then want to give users access to 1 or more of the partitions so I was trying to add the CN of the user

我的用户只存储在CN = sandbox,DC = ITOrg但是我想让用户访问一个或多个分区,所以我试图添加用户的CN

CN=1@test.com,CN=People,CN=sandbox,DC=ITOrg

to this:

CN=Readers,CN=Roles,CN=sandbox,CN=testApp1,DC=ITOrg

which does not work. Although the code does work if I add the user to the Role in CN=Readers,CN=Roles,CN=sandbox,DC=ITOrg. So does that mean that I have to store users in every partition? Duplicating data?

这不起作用。虽然如果我将用户添加到CN = Readers中的Role,CN = Roles,CN = sandbox,DC = ITOrg,代码确实有效。那么这是否意味着我必须在每个分区中存储用户?复制数据?

Does anyone have any thoughts?

有人有想法吗?

2 个解决方案

#1


Typically, you'll also have to set at least the SAM Account Name on a new user entry on "straight up AD" - not sure if that applies to ADAM as well.

通常,您还必须在“直接向上AD”上的新用户条目上至少设置SAM帐户名称 - 不确定这是否也适用于ADAM。

Marc

#2


Have you checked whether the password you are trying to create adheres to the configured password policy?

您是否检查过您尝试创建的密码是否符合配置的密码策略?

Also, from your example, it seems that you are trying to save the password in clear text. I am not familiar with ADAM, but most Auth & Auth providers require that you hash the password before attempting to save it.

此外,从您的示例中,您似乎正在尝试以明文形式保存密码。我不熟悉ADAM,但大多数Auth和Auth提供程序要求您在尝试保存密码之前对其进行哈希处理。

#1


Typically, you'll also have to set at least the SAM Account Name on a new user entry on "straight up AD" - not sure if that applies to ADAM as well.

通常,您还必须在“直接向上AD”上的新用户条目上至少设置SAM帐户名称 - 不确定这是否也适用于ADAM。

Marc

#2


Have you checked whether the password you are trying to create adheres to the configured password policy?

您是否检查过您尝试创建的密码是否符合配置的密码策略?

Also, from your example, it seems that you are trying to save the password in clear text. I am not familiar with ADAM, but most Auth & Auth providers require that you hash the password before attempting to save it.

此外,从您的示例中,您似乎正在尝试以明文形式保存密码。我不熟悉ADAM,但大多数Auth和Auth提供程序要求您在尝试保存密码之前对其进行哈希处理。