Reputation: 661
Ruby NetLdap - Move user entry from one container to another in Samba4
I'm using net-ldap's rename method to move a user from one OU to another; however, I am getting an "Old RDN must be deleted" error:
#<OpenStruct code=53, error_message="00002035: Unwilling to perform. Old RDN must be deleted", matched_dn="", message="Unwilling to perform">
Here's the method I created:
def self.move(user, group)
new_rdn = "CN=#{user.cn.first}"
new_superior = "OU=#{group},OU=People,DC=example,DC=com"
ldap_connection.rename(
olddn: user.dn,
newrdn: new_rdn,
delete_attributes: true,
new_superior: new_superior
)
end
The same response occurs when trying to change just the RDN (CN) as well. The server being contacted is a Samba4 server. Adding, deleting, updating, etc. are all working as expected. Only having trouble with renaming.
Upvotes: 3
Views: 918
Answers (1)
Reputation: 661
Finally discovered the answer. The problem is the way the gem is encoding the true value for delete_attributes, so it was never getting the message to delete the old RDN. I cloned my own copy of the gem and made the following change:
File: lib/net/ber/core_ext/true_class.rb
def to_ber
"\x01\x01\xFF".force_encoding("ASCII-8BIT")
end
The code for false can also be changed (I don't have any place I use "false" myself).
File: lib/net/ber/core_ext/false_class.rb
def to_ber
"\x01\x01\x00".force_encoding("ASCII-8BIT")
end
This solution can be found in Issue #31 for the gem.
Upvotes: 1
Related Questions
- Add entries in ldap server
- Active Directory LDAP move user to different OU - Ruby
- Moving user entry to another container entry in Active Directory: "there is a naming violation"
- Ruby net-ldap add user
- net-ldap create user with password
- Python LDAP - Move user to different OU
- ActiveLdap - Move user from one container to another
- Removing a member from an AD group using net-ldap
- Better way to query an LDAP users via ruby net-ldap?
- Is it possible to change an AD user account using Ruby LDAP?