Ruby NetLdap - Move user entry from one container to another in Samba4

Question

I'm using net-ldap's rename method to move a user from one OU to another; however, I am getting an "Old RDN must be deleted" error:

#<OpenStruct code=53, error_message="00002035: Unwilling to perform. Old RDN must be deleted", matched_dn="", message="Unwilling to perform">

Here's the method I created:

def self.move(user, group)
  new_rdn = "CN=#{user.cn.first}"
  new_superior = "OU=#{group},OU=People,DC=example,DC=com"
  ldap_connection.rename(
    olddn: user.dn, 
    newrdn: new_rdn, 
    delete_attributes: true, 
    new_superior: new_superior
  )
end

The same response occurs when trying to change just the RDN (CN) as well. The server being contacted is a Samba4 server. Adding, deleting, updating, etc. are all working as expected. Only having trouble with renaming.

Thanks for the rename/modify_dn example. This method was never documented in net-ldap for some reason. — Mike Conigliaro, Jun 05 '17 at 16:46

score 1 · Accepted Answer · answered May 08 '14 at 22:22

Finally discovered the answer. The problem is the way the gem is encoding the true value for delete_attributes, so it was never getting the message to delete the old RDN. I cloned my own copy of the gem and made the following change:

File: lib/net/ber/core_ext/true_class.rb

def to_ber
   "\x01\x01\xFF".force_encoding("ASCII-8BIT")
end

The code for false can also be changed (I don't have any place I use "false" myself).

File: lib/net/ber/core_ext/false_class.rb

def to_ber
  "\x01\x01\x00".force_encoding("ASCII-8BIT")
end

This solution can be found in Issue #31 for the gem.

Ruby NetLdap - Move user entry from one container to another in Samba4

1 Answers1