
ldap connection issue

I have the following configuration in my jboss-conf.xml which I use in the code to create a new user in LDAP.

    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
        <module-option name="debug">true</module-option>
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="pwdChangeAttr">pwdattribute</module-option>
        <!-- number that represents (busnessUser|nonBusinessUser) and (inactive|active|discarded) - uses bitwise-->
        <module-option name="userType">employeeType</module-option>
        <module-option name="java.naming.provider.url">ldap://devhost-ldap.ghost.com:10389</module-option>
        <module-option name="bindDN">uid=root,ou=users,dc=Product,DC=Ghost,DC=COM</module-option>
        <!--module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=jmx-console</module-option-->
        <!--module-option name="bindCredential">1hzUmi4rjRZcWdVFqoh7FD</module-option-->
        <module-option name="bindCredential">GhostCredential</module-option>
        <module-option name="rolesDn">ou=groups</module-option>
        <module-option name="usersDn">ou=users</module-option>
        <module-option name="objectClass">groupOfNames</module-option>
        <module-option name="baseCtxDN">dc=product,dc=ghost,dc=com</module-option>
        <module-option name="baseFilter">(uid={0})</module-option>
        <module-option name="rolesCtxDN">dc=Product,dc=ghost,dc=com</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="defaultRole">Authenticated</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>

I create the subcontext like this:

    // builds the relative name "uid=<userUid>,cn=<userDistinguishedName>"
    createUserAttr.append(userAttrName).append(ASSIGNMENT_OPERATER)
            .append(userUid).append(COMMA_SEPARATER)
            .append(commonNameAttribute).append(ASSIGNMENT_OPERATER)
            .append(userDistinguishedName);
    logger.info("createUserAttr: " + createUserAttr.toString());
    getLdapConnection().createSubcontext(createUserAttr.toString(), atrs);

where the logger prints out: createUserAttr: uid=test,ou=users

Can you please tell me why I am still receiving this exception?

    An exception has occured when trying to create an LDAP user javax.naming.NameNotFoundException:
    [LDAP: error code 32 - The provided entry uid=test,ou=users cannot be added because its suffix is not defined as one of the suffixes within the Directory Server]; remaining name 'uid=root,ou=users'


There's a circularity here. You seem to be trying to use uid=root,ou=users,dc=Product,DC=Ghost,DC=COM as the login DN to make changes to the directory, and you are also writing code to create this user. How is that going to work?

If that is somehow going to work, the error just means that the context returned by getLdapConnection() cannot contain the RDN uid=root,ou=users. I think you have to just supply a single-part RDN here, so you should navigate to the 'users' context and create uid=root as a subcontext of that.

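The fix the answer describes, as an added Java example that is neither the asker's nor the answerer's code: it composes the full entry DN with javax.naming.ldap.LdapName and Rdn instead of the string concatenation in the question, so the name passed to createSubcontext is absolute and the uid is escaped. Server URL, bind DN and base DN are taken from the posted configuration; the password environment variable, the uid and the attribute values are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CreateLdapUser {
    // Taken from the posted jboss-conf.xml; the password comes from the environment (assumed).
    static final String URL      = "ldap://devhost-ldap.ghost.com:10389";
    static final String BIND_DN  = "uid=root,ou=users,dc=Product,DC=Ghost,DC=COM";
    static final String BASE_DN  = "dc=product,dc=ghost,dc=com";
    static final String USERS_DN = "ou=users," + BASE_DN;

    static DirContext connect(String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // rooted at the server, not at ou=users
    }

    // Full DN "uid=<uid>,ou=users,dc=product,dc=ghost,dc=com". Rdn escapes ',', '+', '='
    // and friends in the uid, so a user-supplied value cannot rewrite the DN.
    static Name userDn(String uid) throws NamingException {
        LdapName dn = new LdapName(USERS_DN);
        dn.add(new Rdn("uid", uid)); // add() appends the leaf (leftmost) component
        return dn;
    }

    static void createUser(DirContext ctx, String uid, String cn, String sn) throws NamingException {
        Attributes attrs = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectClass");
        oc.add("top"); oc.add("person"); oc.add("inetOrgPerson");
        attrs.put(oc);
        attrs.put("uid", uid);
        attrs.put("cn", cn);
        attrs.put("sn", sn);
        // A relative name such as "uid=test,ou=users" is read by the server as an absolute DN
        // under no configured suffix, which is exactly the error code 32 in the question.
        ctx.createSubcontext(userDn(uid), attrs);
    }

    public static void main(String[] args) throws NamingException {
        DirContext ctx = connect(System.getenv("LDAP_BIND_PASSWORD"));
        try { createUser(ctx, "test", "Test User", "User"); } finally { ctx.close(); }
    }
}
```

The same result is reached by looking up the ou=users context first and creating only the single-part RDN beneath it, as the answer suggests; either way the entry created must not be the bind user itself.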