moving users and groups to an ou ?

Lukasz Zalewski lukas at eecs.qmul.ac.uk
Thu Jun 7 05:07:59 MDT 2012


On 07/06/12 11:25, Andrew Bartlett wrote:
> On Thu, 2012-06-07 at 10:49 +0200, denis.bonnenfant wrote:
>> Hello,
>> I'm working on adding support in samba-tool for moving users and groups
>> to OUs, just like the windows mmc utility does. This is required for
>> command-line GPO support.
>>
>> Basically for moving user to ou=new_ou, I tried something like :
>> ...
>> m = samdb.search(base=dc=example, expression="(samaccountname=user)")
>> samdb.delete(m[0].dn)
>> m[0].dn =  "cn=user,ou=new_ou,dc=example"
>> samdb.add(m[0].dn)
>> ....
>> But I'm getting errors, as  some constraints in samdb prevents some
>> attributes to be written directly (primarygroup...)
>>
>> I tried with an ldif message, but i get the same errors. My conclusion
>> is that I have to bypass the samdb module constraints,  is there a way
>> to do that in python ? And in this case, does the groups memberships
>> will be updated ?
>
> Why are you not just renaming the users?  You cannot just delete and add
> users like that.
>
> Andrew Bartlett
>

Hi all,
Denis, I presume all you want to do is a dn change.
You could use moddn operation to move it to a different OU 
(http://tools.ietf.org/html/rfc4511#section-4.9). Example ldif:

dn: CN=bar,OU=Domain Users,DC=mydomain,DC=com
changetype: moddn
newRDN: CN=bar
deleteoldrdn: 1
newsuperior: OU=Domain Users Test,DC=mydomain,DC=com

I have only tested it using ldapmodify tool against S4 but i'm assuming 
it will also work with an appropriate samdb call.

Regards

L


More information about the samba-technical mailing list