Using Ruby LDAP running on Linux, I can create a new Active Directory user account without a problem. Now I want to rename a user account username. When I try to change the sAMAccountName, it doesn't work. Is it possible to change an AD user account using Ruby LDAP? If so, how?

+2  A: 

What is the error returned, when you say "doesn't work"? You should be perfectly able to alter the value of sAMAccountName using any LDAP client or library, provided that the connection was originally authenticated as an administrative user (i.e. a user who has the permission to alter the said entry and entry attribute.)


UPDATE

It would appear from the error message that, although you claim to only attempt the modification of sAMAccountName, a change of CN was also attempted, or CN is special (it is part of the DN.)

In order to change the CN you'll probably have to use modrdn to rename the CN part of the DN (the standardized equivalent of MoveHere):

# new_acct holds the new account name; attribute values are passed as arrays
conn.modrdn('CN=old-name,OU=orgunit,DC=domain', 'CN=new-name', true)
conn.modify('CN=new-name,OU=orgunit,DC=domain', 'sAMAccountName' => [new_acct])

Cheers, V.

vladr
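
The two-step rename from the answer above, as an added example that is not part of the thread: it escapes the new CN per RFC 4514 and validates the new sAMAccountName before anything is sent to the directory. `rename_account`, `RecordingConn`, the `upn_suffix` parameter and the sample DNs are assumptions made for illustration; the userPrincipalName update is included because the error message in the thread lists that attribute.

```ruby
# Added example, not code from the thread. `conn` is any object that responds to
# modrdn(dn, new_rdn, delete_old) and modify(dn, attrs), such as an LDAP::Conn.

# Characters Active Directory rejects in sAMAccountName, plus control characters.
SAM_FORBIDDEN = /["\/\\\[\]:;|=,+*?<>[:cntrl:]]/

# Escape an attribute value for use inside an RDN (RFC 4514), so that a CN such
# as "Doe, Jane" cannot be read as two RDNs.
def escape_rdn_value(value)
  v = value.gsub(/[\\,+"<>;]/) { |c| "\\#{c}" }
  v = v.sub(/\A[ #]/) { |c| "\\#{c}" }
  v.sub(/ \z/) { "\\ " }
end

# Rename an account in the order the answer gives: modrdn first, then modify
# against the NEW DN. Returns the new DN. upn_suffix is a hypothetical parameter.
def rename_account(conn, old_dn, new_cn, new_sam, upn_suffix)
  raise ArgumentError, 'blank CN' if new_cn.strip.empty?
  if new_sam.empty? || new_sam.length > 20 || new_sam.match?(SAM_FORBIDDEN)
    raise ArgumentError, 'invalid sAMAccountName'
  end
  # The first RDN ends at the first comma that is not backslash-escaped.
  parent = old_dn[/\A(?:\\.|[^,\\])+,(.+)\z/m, 1] or
    raise ArgumentError, 'DN has no parent container'
  new_rdn = "CN=#{escape_rdn_value(new_cn)}"
  new_dn  = "#{new_rdn},#{parent}"
  conn.modrdn(old_dn, new_rdn, true) # true: drop the old CN value
  conn.modify(new_dn,
              'sAMAccountName'    => [new_sam],
              'userPrincipalName' => ["#{new_sam}@#{upn_suffix}"])
  new_dn
end

# Constructed stand-in for a live connection; it only records the calls.
class RecordingConn
  attr_reader :calls
  def initialize; @calls = []; end
  def modrdn(*args); @calls << [:modrdn, *args]; end
  def modify(*args); @calls << [:modify, *args]; end
end

if __FILE__ == $PROGRAM_NAME
  conn = RecordingConn.new
  puts rename_account(conn, 'CN=Smith\, John,OU=Staff,DC=example,DC=test',
                      'Doe, Jane', 'jdoe', 'example.test')
  conn.calls.each { |c| p c }
end
```

Validation runs before the first directory call, so a rejected name leaves the entry untouched instead of renamed with stale attributes.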
A: 

Any chance you can post some of your code? Also you may want to try using the MoveHere method, which is really used for moving user accounts, but can also be used to rename an account.

mrTomahawk
A: 

Vlad, the error I'm getting is the following:

AdAccountModifier::UserModificationFailed: Failed to rename account of john: AdAccountModifier::UserModificationFailed AD error modifying cn, userPrincipalName, sAMAccountName on jane: LDAP::ResultError Operations error

I'm able to create a new AD account and disable the account so I know I'm authenticated as an administrative user. I just can't rename the sAMAccountName. Is there a step I'm missing?

Max
Are you trying to modify the CN as well? If so are you also modifying the DN, which contains the CN?
vladr
A: 

mrTomahawk, isn't MoveHere a method for VBScript? I'm using Ruby LDAP running on Linux. Is there an equivalent MoveHere method for Ruby LDAP?

Max
A: 

Thanks Vlad, that works! I didn't know about conn.modify.

Max
A: 

Hi Max,

I see this is a year old but I'll answer anyway.

I'm using ActiveLdap in a Rails app... which uses the Ruby/LDAP gem behind it. I can do the following in my code.

aduser = User.find("matt")
puts aduser.cn
# prints 'matt'
puts aduser.distinguishedname
# prints 'cn=matt,ou=here,dc=my,dc=domain'

# THIS RENAMES THE ACCOUNT AND AUTOMATICALLY HANDLES ALL THE ATTRIBUTES
# THAT NEED TO CHANGE... e.g. name, cn, distinguishedname, dn
aduser.cn = "newmatt"
aduser.save

You should be able to look through the ActiveLdap code and figure out how they do that through Ruby/Ldap.

What doesn't currently work in ActiveLdap however is 'newsuperior', so there's not currently a way to move an object from one container to another. I'm still working out how to make that happen.

Matt
