
spring-ldap auto fetch operational fields


We’re working on a tool that lets users change their password (generated). And I’m running into a little problem while using Spring LDAP (2.1.0.RELEASE).

Now we want to set some of the operational attributes. This is the code I use:

  public void updatePassword(LdapUser ldapUser) {
    // The user name has the form name@organisation
    String[] userOrg = ldapUser.getUserName().split("@");
    Name dn = buildDn(userOrg[1], ldapUser.getUserName());
    DirContextOperations context = ldapTemplate.lookupContext(dn);
    context.setAttributeValue(USER_PASSW, ldapUser.getUserPassword());
    // pwdReset is operational, so a plain lookup does not return it
    if (!context.attributeExists("pwdReset")) {
      context.setAttributeValue("pwdReset", "TRUE");
    }
    // (the snippet in the post ends here)
  }

Now as long as the operational attribute pwdReset has never been set, this bit of code works fine. But if it has ever been set (and thus has the value FALSE), you can get the error code:

LDAP: error code 20 – modify/add: pwdReset: value #0 already exists

Now I know it’s by design that LDAP does not give the operational attributes back. But there has to be a way in Spring LDAP to tell it that you always also want to have the operational attributes.

Any suggestions would be nice.



You’re testing the wrong thing. Testing for existence is pointless anyway. You should be testing for whether it is already set to TRUE, and only setting it if it isn’t.

Actually you should just remove the test, as the test is just as expensive as the set. I would also recommend not setting it to FALSE but rather removing the attribute altogether, which has the same semantics as FALSE. Without the test and with this change you can’t possibly get this problem.
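
The approach from the answer above, as an added example that is not code from the original post: the flag is written with an unconditional replace, cleared by removing the attribute, and read by requesting it by name. The class name `PasswordResetDao`, the value `"userPassword"` for the question's `USER_PASSW` constant, and write access to `pwdReset` for the bound account are assumptions.

```java
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import org.springframework.ldap.core.ContextMapper;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;

public class PasswordResetDao { // hypothetical class name
  private static final String USER_PASSW = "userPassword"; // assumed value of the question's constant
  private static final String PWD_RESET = "pwdReset";

  private final LdapTemplate ldapTemplate;

  public PasswordResetDao(LdapTemplate ldapTemplate) {
    this.ldapTemplate = ldapTemplate;
  }

  /** Stores the generated password and forces a change at next login. */
  public void updatePassword(Name dn, String generatedPassword) {
    ModificationItem[] mods = {
      new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
          new BasicAttribute(USER_PASSW, generatedPassword)),
      // REPLACE succeeds whether pwdReset is absent, FALSE or already TRUE,
      // so no existence test is needed and error code 20 cannot occur.
      new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
          new BasicAttribute(PWD_RESET, "TRUE"))
    };
    ldapTemplate.modifyAttributes(dn, mods);
  }

  /** Clears the flag by removing the attribute instead of storing FALSE. */
  public void clearReset(Name dn) {
    // A replace with no values deletes the attribute if present
    // and is ignored if it is absent.
    ldapTemplate.modifyAttributes(dn, new ModificationItem[] {
      new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute(PWD_RESET))
    });
  }

  /** Reads the flag; operational attributes are returned only when named. */
  public boolean isResetPending(Name dn) {
    ContextMapper<Boolean> mapper = ctx -> "TRUE".equalsIgnoreCase(
        ((DirContextOperations) ctx).getStringAttribute(PWD_RESET));
    return ldapTemplate.lookup(dn, new String[] { PWD_RESET }, mapper);
  }
}
```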

User contributions licensed under: CC BY-SA