堆栈内存溢出
  简体   繁体   English

是否可以使用Ruby LDAP更改AD用户帐户?

[英]Is it possible to change an AD user account using Ruby LDAP?

 原文  2009-03-12 04:00:18       ruby/ active-directory/ ldap

问题描述

Using Ruby LDAP running on Linux, I can create a new Active Directory user account without a problem. 使用在Linux上运行的Ruby LDAP,我可以毫无问题地创建一个新的Active Directory用户帐户。 Now I want to be rename a user account username. 现在,我想重命名一个用户帐户的用户名。

When I try to change the sAMAccountName , it doesn't work. 当我尝试更改sAMAccountName ,它不起作用。 Is it possible to change an AD user account using Ruby LDAP? 是否可以使用Ruby LDAP更改AD用户帐户? If so, how? 如果是这样,怎么办?

3 个解决方案

解决方案1
 4  2009-03-12 19:35:00

What is the error returned, when you say "doesn't work"? 当您说“不起作用”时,返回的错误是什么? You should be perfectly capable to alter the value of sAMAccountName using any LDAP client or library provided that the connection was originally authenticated as an administrative user (ie a user who has the permission to alter the said entry and entry attribute.) 您应该完全有能力使用任何LDAP客户端或库来更改sAMAccountName的值,前提是该连接最初是作为管理用户进行身份验证的(即,有权更改所述条目和条目属性的用户。)

UPDATE UPDATE

It would appear from the error message that, although you claim to only attempt the modification of sAMAccountName , a change of CN was also attempted, or CN is special (it is part of the DN .) 从错误消息中可以看出,尽管您声称只尝试修改sAMAccountName ,但也尝试更改CN ,或者CN是特殊的(它是DN一部分)。

In order to change the CN you'll probably have to use modrdn to rename the CN part of the DN (the standardized equivalent of MoveHere ): 为了更改CN您可能必须使用modrdn重命名DNCN部分( MoveHere的标准等效MoveHere ): 

conn.modrdn('CN=old-name,OU=orgunit,DC=domain', 'CN=new-name', true)
conn.modify('CN=new-name,OU=orgunit,DC=domain', 'sAMAccountName' => new-acct)

解决方案2
 1  2010-04-14 15:51:31

I see this is a year old but I'll answer anyway. 我看到这是一岁,但我还是会回答。

I'm using ActiveLdap in a Rails app....which uses the Ruby/LDAP gem behind it. 我在Rails应用中使用ActiveLdap 。...在其背后使用Ruby / LDAP gem。 I can do the following in my code. 我可以在代码中执行以下操作。 

aduser = User.find("matt")
puts aduser.cn
# prints 'matt'
puts aduser.distinguishedname
# prints 'cn=matt,ou=here,dc=my,dc=domain'

# THIS RENAMES THE ACCOUNT AND AUTOMATICALLY HANDLES ALL THE ATTRIBUTES
# THAT NEED TO CHANGE... e.g. name, cn, distinguishedname, dn
aduser.cn = "newmatt"
aduser.save

You should be able to look through the ActiveLdap code and figure out how they do that through Ruby/Ldap. 您应该能够浏览ActiveLdap代码,并弄清楚它们如何通过Ruby / Ldap做到这一点。

What doesn't currently work in ActiveLdap however is 'newsuperior', so there's not currently a way to move an object from one container to another. 但是,当前在ActiveLdap中不起作用的是“ newsuperior”,因此当前没有一种将对象从一个容器移动到另一个容器的方法。 I'm still working out how to make that happen. 我仍在研究如何实现这一目标。

Matt 马特

解决方案3
 0  2009-03-12 20:00:16

Any chance you can post some of your code? 您有机会发布一些代码吗? Also you may want to try using the MoveHere method which is really using for moving user accounts, but can also be used to rename an account. 另外,您可能想尝试使用MoveHere方法,该方法实际上用于移动用户帐户,但也可以用于重命名帐户。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Ruby-AD / LDAP身份验证-阅读用户详细信息 - Ruby - AD/LDAP auth - read user details 使用ldap通过rails上的devise ruby​​连接到广告 - Using ldap to connect to ad with devise ruby on rails Ruby on Rails使用omniauth-ldap在AD上向用户发送电子邮件 - Ruby on Rails sending emails to users on AD using omniauth-ldap 使用LDAP / AD进行登录身份验证时,如果使用AD记录不存在用户行,该如何创建一个用户行 - upon login authentication with LDAP/AD how do I create a user row if one is non existent using AD records 结合使用LDAP和Ruby Webrick HTTPAuth - Using Ruby Webrick HTTPAuth with LDAP 使用Ruby访问LDAP DIT - Using Ruby to access LDAP DIT Ruby net-ldap添加用户 - Ruby net-ldap add user 是否可以在Ruby中更改“ ++”运算符? - Is it possible to change the “++” operator in Ruby? 使用net-ldap从AD组中删除成员 - Removing a member from an AD group using net-ldap 在Windows上安装ruby-ldap gem(使用ruby 2.1.6) - Installing ruby-ldap gem on windows (using ruby 2.1.6)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM