stackoom
  简体   繁体   中英

Is it possible to change an AD user account using Ruby LDAP?

 原文  2009-03-12 04:00:18       ruby/ active-directory/ ldap

Question

Using Ruby LDAP running on Linux, I can create a new Active Directory user account without a problem. Now I want to be rename a user account username.

When I try to change the sAMAccountName , it doesn't work. Is it possible to change an AD user account using Ruby LDAP? If so, how?

3 answers

solution1
 4  2009-03-12 19:35:00

What is the error returned, when you say "doesn't work"? You should be perfectly capable to alter the value of sAMAccountName using any LDAP client or library provided that the connection was originally authenticated as an administrative user (ie a user who has the permission to alter the said entry and entry attribute.)

UPDATE

It would appear from the error message that, although you claim to only attempt the modification of sAMAccountName , a change of CN was also attempted, or CN is special (it is part of the DN .)

In order to change the CN you'll probably have to use modrdn to rename the CN part of the DN (the standardized equivalent of MoveHere ): 

conn.modrdn('CN=old-name,OU=orgunit,DC=domain', 'CN=new-name', true)
conn.modify('CN=new-name,OU=orgunit,DC=domain', 'sAMAccountName' => new-acct)

solution2
 1  2010-04-14 15:51:31

I see this is a year old but I'll answer anyway.

I'm using ActiveLdap in a Rails app....which uses the Ruby/LDAP gem behind it. I can do the following in my code. 

aduser = User.find("matt")
puts aduser.cn
# prints 'matt'
puts aduser.distinguishedname
# prints 'cn=matt,ou=here,dc=my,dc=domain'

# THIS RENAMES THE ACCOUNT AND AUTOMATICALLY HANDLES ALL THE ATTRIBUTES
# THAT NEED TO CHANGE... e.g. name, cn, distinguishedname, dn
aduser.cn = "newmatt"
aduser.save

You should be able to look through the ActiveLdap code and figure out how they do that through Ruby/Ldap.

What doesn't currently work in ActiveLdap however is 'newsuperior', so there's not currently a way to move an object from one container to another. I'm still working out how to make that happen.

Matt

solution3
 0  2009-03-12 20:00:16

Any chance you can post some of your code? Also you may want to try using the MoveHere method which is really using for moving user accounts, but can also be used to rename an account.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Ruby - AD/LDAP auth - read user details Using ldap to connect to ad with devise ruby on rails Ruby on Rails sending emails to users on AD using omniauth-ldap upon login authentication with LDAP/AD how do I create a user row if one is non existent using AD records Using Ruby Webrick HTTPAuth with LDAP Using Ruby to access LDAP DIT Ruby net-ldap add user Is it possible to change the “++” operator in Ruby? Removing a member from an AD group using net-ldap Installing ruby-ldap gem on windows (using ruby 2.1.6)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM