1 Reply Latest reply on Mar 21, 2012 9:36 AM by EJP

    javax.naming.directory.SchemaViolationException when adding user to a group

      I am using springldap for an application where I should create/edit user in an Micrsoft Windows AD. I know this is not the spring forum but the exception is javax.naming exception therefor I hope that it is not problem to ask the question in this forum. The user creation works fine but when I try to add a user to a group I get javax.naming.directory.SchemaViolationException.
      This is my code:
      public boolean addUserToGroup(ADUser user, ADGroup group) {
                try {
                     log.debug("User distinguished name: "+user.getDistinguishedName());
                     log.debug("Group distinguished name: "+group.getDistinguishedName());
                     String distinguishedGroupName = user.getDistinguishedName();
                     // now we add the distinguished name to the attributes
                     String[] split = distinguishedGroupName.split(",DC");
                     ModificationItem[] modItems = new ModificationItem[] {
                               new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("member", user.getDistinguishedName()))
                     ldapTemplate.modifyAttributes(split[0], modItems);
                     log.debug("Added user to group "+split[0]);
                     //DirContextOperations context = ldapTemplate.lookupContext(split[0]);
                     //log.debug("Group lookup successfully..");
                     //context.addAttributeValue("member", user.getUsername());
                     //context.addAttributeValue("memberUid", user.getUsername());
                     //log.debug("Added attribute to group...");
                     return true;
                catch(Exception e) {
                     log.debug("Error on adding user to group", e);
                     return false;
      I should clarify the use of the split operations: The reason for that is that the distinguished name contains the complete path including the base of the active directory. I have defined the base in the springldap.xml file therefore I must not use the complete path only the path without the base.

      I understand the exception but I do not understand where I violate the Schema of the AD. At the beginning I tried to manager hte membership on user side, but this is not working, because the memberOf attribute is readonly.

      Thank you for your help!