Unable to modify 'cn' attribute via ldap3 module, Python 3.x

Question

I'm trying to modify 'cn' attribute of a user in Active Directory domain but it fails. Also I can't add add this attribute during the user creation process. It shows this error:

{'result': 67, 'description': 'notAllowedOnRDN', 'dn': '', 'message': 
'000020B1: UpdErr: DSID-030F1087, problem 6004 (CANT_ON_RDN), data 0\n\x00', 
'referrals': None, 'type': 'modifyResponse'}

My code:

def ad_connect():
    server = Server(ADSERVER, use_ssl=True, port=636, get_info=ALL)
    conn = Connection(server, SU_LOGIN, SU_PASS, auto_bind=True, 
                      check_names=True)
    return conn
connect = ad_connect()
...
user_dn = "CN=full.name,OU=Users,DC=test,DC=com"
cn = {'cn': (MODIFY_REPLACE, 'Full Name')} # it must be "Full Name" instead of "full.name"
connect.modify(user_dn, changes=cn) 
...
connect.unbind()

Is there any way to perform this modification? There are no issues with creating the user without this attribute, by the way.

What does "does not work" mean? I see no clear problem statement here. — Mad Physicist, Feb 11 '18 at 20:08
@MadPhysicist I mean it fails during the modification process — Anton Belov, Feb 11 '18 at 20:10

score 3 · Accepted Answer · answered Feb 11 '18 at 22:54

3

I've figured out! There is a 'modify_dn' option in ldap3 module.

connect.modify_dn(user_dn, NEW_DN)

answered Feb 11 '18 at 22:54

Anton Belov

83
1
12

Unable to modify 'cn' attribute via ldap3 module, Python 3.x

1 Answers1