I'm using net-ldap's rename method to move a user from one OU to another; however, I am getting an "Old RDN must be deleted" error:
#<OpenStruct code=53, error_message="00002035: Unwilling to perform. Old RDN must be deleted", matched_dn="", message="Unwilling to perform">
Here's the method I created:
    def self.move(user, group)
      new_rdn = "CN=#{user.cn.first}"
      new_superior = "OU=#{group},OU=People,DC=example,DC=com"
      ldap_connection.rename(
        olddn: user.dn,
        newrdn: new_rdn,
        delete_attributes: true,
        new_superior: new_superior
      )
    end
The same response occurs when trying to change just the RDN (CN) as well. The server being contacted is a Samba4 server. Adding, deleting, updating, etc. are all working as expected. Only having trouble with renaming.
Finally discovered the answer. The problem is the way the gem is encoding the true value for delete_attributes, so it was never getting the message to delete the old RDN. I cloned my own copy of the gem and made the following change:
File: lib/net/ber/core_ext/true_class.rb
    # BER BOOLEAN: tag 0x01, length 0x01, content octet 0xFF (TRUE)
    def to_ber
      "\x01\x01\xFF".force_encoding("ASCII-8BIT")
    end
The code for false can also be changed (I don't have any place I use "false" myself).
File: lib/net/ber/core_ext/false_class.rb
    # BER BOOLEAN: tag 0x01, length 0x01, content octet 0x00 (FALSE)
    def to_ber
      "\x01\x01\x00".force_encoding("ASCII-8BIT")
    end
This solution can be found in Issue #31 for the gem.
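
The following is an added example, not code from the post or from the net-ldap gem. It builds an RFC 4511 ModifyDNRequest by hand and shows how the deleteoldrdn octet is read by a lenient BER decoder versus a receiver that accepts only 0xFF as TRUE (RFC 4511 section 5.1 requires 0xFF). All function names are hypothetical, and the strict receiver is a model, not Samba's implementation.

```ruby
# Added example, not net-ldap code. RFC 4511 ModifyDNRequest is
# [APPLICATION 12] SEQUENCE { entry, newrdn, deleteoldrdn BOOLEAN, newSuperior [0] }.

# Encode one TLV with a definite length (short or long form).
def tlv(tag, value)
  value = value.b
  len = value.bytesize
  if len < 0x80
    len_octets = [len].pack("C")
  else
    raw = [len].pack("N").bytes.drop_while(&:zero?).pack("C*")
    len_octets = [0x80 | raw.bytesize].pack("C") + raw
  end
  [tag].pack("C") + len_octets + value
end

# Read one TLV from the front of data; returns [tag, value, rest].
def read_tlv(data)
  data = data.b
  tag, first = data.getbyte(0), data.getbyte(1)
  raise ArgumentError, "truncated TLV" if tag.nil? || first.nil?
  len, hdr = first, 2
  if first >= 0x80
    n = first & 0x7F
    len = data.byteslice(2, n).bytes.inject(0) { |acc, b| (acc << 8) | b }
    hdr = 2 + n
  end
  raise ArgumentError, "truncated TLV" if data.bytesize < hdr + len
  [tag, data.byteslice(hdr, len), data.byteslice(hdr + len, data.bytesize)]
end

# Build a ModifyDNRequest with the given deleteoldrdn content octet.
def modify_dn_request(entry, newrdn, delete_octet, new_superior)
  body = tlv(0x04, entry) + tlv(0x04, newrdn) +
         tlv(0x01, [delete_octet].pack("C")) + tlv(0x80, new_superior)
  tlv(0x6C, body)
end

# Extract deleteoldrdn and report how two kinds of receiver read it.
def inspect_delete_old_rdn(request)
  tag, body, = read_tlv(request)
  raise ArgumentError, "not a ModifyDNRequest" unless tag == 0x6C
  _, _, rest = read_tlv(body)  # skip entry
  _, _, rest = read_tlv(rest)  # skip newrdn
  btag, bval, = read_tlv(rest) # deleteoldrdn
  raise ArgumentError, "expected BOOLEAN" unless btag == 0x01 && bval.bytesize == 1
  octet = bval.getbyte(0)
  { octet: octet,
    lenient_true: octet != 0,     # generic BER: any non-zero octet is TRUE
    strict_true: octet == 0xFF }  # assumption: receiver accepts only 0xFF as TRUE
end
```

Calling inspect_delete_old_rdn on a request built with 0xFF yields TRUE for both readers, while a constructed non-zero octet such as 0x01 is TRUE only for the lenient one.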