4.9 - Add User

User addUser(User user) throws SecurityException

This command creates a new RBAC user. The command is valid only if the new user is not already a member of the USERS data set. The USER data set is updated. The new user does not own any session at the time of its creation.

required parameters:

• User#userId - maps to INetOrgPerson uid
• User#password - used when password authentication is required
• User#ou - contains the name of an already existing User OU node

optional parameters:

• User#pwPolicy - contains the name of an already existing OpenLDAP password policy node
• User#cn - maps to INetOrgPerson common name attribute
• User#sn - maps to INetOrgPerson surname attribute
• User#description - maps to INetOrgPerson description attribute
• User#title - maps to INetOrgPerson title attribute
• User#employeeType - maps to INetOrgPerson employeeType attribute
• User#phones * - multivalued attribute maps to organizationalPerson telephoneNumber attribute
• User#mobiles * - multivalued attribute maps to INetOrgPerson mobile attribute
• User#emails * - multivalued attribute maps to INetOrgPerson mail attribute
• User#address * - multivalued attribute maps to organizationalPerson postalAddress, st, l, postalCode, postOfficeBox attributes
• User#beginTime - HHMM - determines begin hour user may activate session
• User#endTime - HHMM - determines end hour user may activate session.
• User#beginDate - YYYYMMDD - determines date when user may sign on
• User#endDate - YYYYMMDD - indicates latest date user may sign on
• User#beginLockDate - YYYYMMDD - determines beginning of enforced inactive status
• User#endLockDate - YYYYMMDD - determines end of enforced inactive status
• User#dayMask - 1234567, 1 = Sunday, 2 = Monday, etc - specifies which day of user may sign on
• User#timeout - number (in minutes) of session inactivity time allowed
• User#props * - multivalued attribute contains property key and values are separated with a ‘:'. e.g. mykey1:myvalue1

Parameters:

• user - User entity must contain User#userId and User#ou (required) and optional User#description,User#roles and many others.

Returns:

• Returns entity containing user data that was added.

Throws:

• SecurityException - thrown in the event of data validation or system error.

addUser

import org.apache.directory.fortress.core.SecurityException;
import org.apache.directory.fortress.core.AdminMgr;
import org.apache.directory.fortress.core.AdminMgrFactory;
import org.apache.directory.fortress.core.ReviewMgr;
import org.apache.directory.fortress.core.ReviewMgrFactory;
import org.apache.directory.fortress.core.model.User;

@test
public static void testCreateUser(String userId, String password, String userOu)
{
    String szLocation = ".testCreateUser";
    try
    {
        // Instantiate the AdminMgr implementation.  All AdminMgr APIs can throw a SecurityException in the event
        // of rule violation or system error.
        AdminMgr adminMgr = AdminMgrFactory.createInstance();
        User inUser = new User(userId, password);
        // ou is required attribute:
        inUser.setOu(userOu);
        // Now call the add API.  The API will return User entity with associated LDAP dn if creation was successful.
        User outUser = adminMgr.addUser(inUser);
        assertNotNull(outUser);

        // Instantiate the ReviewMgr implementation which is used to interrogate policy information.
        ReviewMgr reviewMgr = ReviewMgrFactory.createInstance();

        // now read the newly created User entity back:
        User outUser2 = reviewMgr.readUser(inUser);
        assertTrue(szLocation + " failed read", inUser.equals(outUser2));
        LOG.info(szLocation + " user [" + outUser2.getUserId() + "] success");
    }
    catch (SecurityException ex)
    {
        LOG.error(szLocation + " caught SecurityException rc=" + ex.getErrorId() + ", msg=" + ex.getMessage(), ex);
        fail(ex.getMessage());
    }
}