
How to enable user via LDAP in AD?

In my program (jldap-based) I am trying to enable a user in AD by setting the userAccountControl value to 512. The user is created with the following attributes:

objectClass=user
cn=username
name=username
userAccountControl=512
userPassword={BASE64}<base64 encoded password>
sAMAccountName=username
distinguishedName=username,CN=Users,DC=company,DC=com

But I get exception:

LDAPException: Unwilling To Perform (53) Unwilling To Perform
LDAPException: Server Message: 0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

Maybe somebody can tell me where I'm making an error? Maybe I forgot some required attribute?

EDIT:

My code (it is trivial and I think there are no errors in it):

import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPMessageQueue;

LDAPConnection connection;
LDAPMessageQueue messageQueue;
...
// Attributes for the new user entry
LDAPAttributeSet attributes = new LDAPAttributeSet();
attributes.add(new LDAPAttribute("objectClass", "user"));
attributes.add(new LDAPAttribute("cn", "username"));
attributes.add(new LDAPAttribute("name", "username"));
attributes.add(new LDAPAttribute("userAccountControl", "512"));
attributes.add(new LDAPAttribute("userPassword", "{BASE64}<base64 encoded password>"));
attributes.add(new LDAPAttribute("sAMAccountName", "username"));
attributes.add(new LDAPAttribute("distinguishedName", "username,CN=Users,DC=company,DC=com"));

// The add operation is what throws the LDAPException quoted above
LDAPEntry entry = new LDAPEntry("CN=username,CN=Users,DC=company,DC=com", attributes);
connection.add(entry);


This error can arise when the password is not correctly encoded. Make sure it's a Base64 encoded UTF-16LE string.

Example (if you are using Oracle JVM)

import java.nio.charset.StandardCharsets;
import java.util.Base64;

String pass = "password";
// AD expects the UTF-16LE bytes of the password. java.util.Base64 (Java 8+) replaces
// sun.misc.BASE64Encoder, an internal Oracle class that later JDKs no longer ship.
String encoded = Base64.getEncoder().encodeToString(pass.getBytes(StandardCharsets.UTF_16LE));

UPDATE 1: Have you tried running your code without the userAccountControl attribute (to rule in or out that it's actually that attribute that is causing problems)?

I noticed that your distinguished name attribute looks a bit strange, as well. It should probably look something like CN=username,OU=Users,DC=company,DC=com.

UPDATE 2: see Adding a user with a password in Active Directory LDAP. WILL_NOT_PERFORM can be returned if you are trying to set a password for an entry (which you are, since you're creating it) over a non-SSL connection. You need to make sure you are connecting to the AD server over SSL (and set up certificates as required).
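The following is an added example, not code from the question or the answer above, showing the complete sequence the answer's points add up to with the jldap API: connect over LDAPS, create the account disabled (512 | 2 = 514), set the password as raw UTF-16LE bytes of the quoted password in the AD-specific unicodePwd attribute, then flip userAccountControl to 512. The host name, bind DN, user DN and passwords are placeholders, and it assumes the JVM trust store already contains the domain controller's certificate. The {BASE64} form from the question is how these same bytes appear in an LDIF file; over the API the bytes are passed directly, and the helper shows both forms side by side.

```java
import com.novell.ldap.LDAPAttribute;
import com.novell.ldap.LDAPAttributeSet;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPEntry;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;
import com.novell.ldap.LDAPModification;

import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AdUserProvisioner {

    // userAccountControl bit flags as documented for Active Directory
    static final int ADS_UF_ACCOUNTDISABLE = 0x0002;
    static final int ADS_UF_NORMAL_ACCOUNT = 0x0200;   // 512

    /**
     * AD accepts a password over LDAP only as the UTF-16LE encoding of the
     * password text wrapped in double quotes. These bytes go on the wire as-is.
     */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** The same value as it would be written in an LDIF file (base64 of the bytes above). */
    static String unicodePwdAsLdif(String password) {
        return "unicodePwd:: " + Base64.getEncoder().encodeToString(encodeUnicodePwd(password));
    }

    static void createAndEnableUser(String host, String bindDn, String bindPassword,
                                    String userDn, String sam, String password) throws LDAPException {
        // LDAPS is mandatory: AD answers WILL_NOT_PERFORM to a password set over cleartext.
        LDAPConnection connection = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            connection.connect(host, LDAPConnection.DEFAULT_SSL_PORT);   // 636
            connection.bind(LDAPConnection.LDAP_V3, bindDn,
                    bindPassword.getBytes(StandardCharsets.UTF_8));

            // Step 1: create the account disabled. An account created enabled with no
            // password violates the default domain password policy and is refused.
            LDAPAttributeSet attrs = new LDAPAttributeSet();
            attrs.add(new LDAPAttribute("objectClass",
                    new String[] {"top", "person", "organizationalPerson", "user"}));
            attrs.add(new LDAPAttribute("sAMAccountName", sam));
            attrs.add(new LDAPAttribute("userAccountControl",
                    Integer.toString(ADS_UF_NORMAL_ACCOUNT | ADS_UF_ACCOUNTDISABLE)));   // 514
            // cn comes from the RDN and distinguishedName is maintained by the server,
            // so neither is supplied as an attribute; the DN is given on the entry itself.
            connection.add(new LDAPEntry(userDn, attrs));

            // Step 2: set the password as a binary attribute value over the TLS-protected connection.
            connection.modify(userDn, new LDAPModification(LDAPModification.REPLACE,
                    new LDAPAttribute("unicodePwd", encodeUnicodePwd(password))));

            // Step 3: enable the account now that it holds a policy-compliant password.
            connection.modify(userDn, new LDAPModification(LDAPModification.REPLACE,
                    new LDAPAttribute("userAccountControl", Integer.toString(ADS_UF_NORMAL_ACCOUNT))));
        } finally {
            connection.disconnect();
        }
    }

    public static void main(String[] args) throws LDAPException {
        // Placeholder values; substitute your own domain controller, service account and target user.
        createAndEnableUser("dc01.company.com",
                "CN=Administrator,CN=Users,DC=company,DC=com", "<admin password>",
                "CN=username,CN=Users,DC=company,DC=com", "username", "<new user password>");
        System.out.println(unicodePwdAsLdif("<new user password>"));
    }
}
```

Doing the three operations in this order is what keeps the server from rejecting the add: the password policy is evaluated when the account is enabled, not when it is created disabled, and unicodePwd can only be written over a connection the server considers encrypted. A service account used for this should hold only reset-password and write-userAccountControl rights on the target OU rather than domain-admin membership.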
