moving users and groups to an ou ?

denis bonnenfant denis.bonnenfant at diderot.org
Thu Jun 7 10:58:21 MDT 2012


On 07/06/2012 14:35, denis bonnenfant wrote:
> On 07/06/2012 13:07, Lukasz Zalewski wrote:
>> On 07/06/12 11:25, Andrew Bartlett wrote:
>>> On Thu, 2012-06-07 at 10:49 +0200, denis.bonnenfant wrote:
>>>> Hello,
>>>> I'm working on adding support in samba-tool for moving users and groups
>>>> to OUs, just like the windows mmc utility does. This is required for
>>>> command-line GPO support.
>>>> ....
>>>> I tried with an ldif message, but I get the same errors. My conclusion
>>>> is that I have to bypass the samdb module constraints. Is there a way
>>>> to do that in python? And in this case, will the group memberships
>>>> be updated?
>>>
>>> Why are you not just renaming the users?  You cannot just delete and add
>>> users like that.
>>>
> I guessed that it can't be done.
>>> Andrew Bartlett
>>>
>>
>> Hi all,
>> Denis, I presume all you want to do is a dn change.
>> You could use moddn operation to move it to a different OU 
>> (http://tools.ietf.org/html/rfc4511#section-4.9). Example ldif:
>>
>> dn: CN=bar,OU=Domain Users,DC=mydomain,DC=com
>> changetype: moddn
>> newRDN: CN=bar
>> deleteoldrdn: 1
>> newsuperior: OU=Domain Users Test,DC=mydomain,DC=com
>>
>
> Ok, you're right ! I figured that modrdn can only rename the object in 
> the same branch, not moving it into the tree.
>
>> I have only tested it using ldapmodify tool against S4 but I'm 
>> assuming it will also work with an appropriate samdb call.
>>
> I'll try it soon.

The ldif method works perfectly with ldbmodify. But when I try to use it 
with samba-tool's python scripts, with something like:

m = """
dn: %s
changetype: moddn
newrdn: %s
deleteoldrdn: 1
newSuperior: %s
""" % (old_dn, new_rdn, new_superior)

samdb.modify_ldif(m)

I have an error:

ERROR(ldb): Failed to move user "some.user" - objectclass_attrs: 
attribute 'newrdn' on entry 
'CN=some.user,OU=Test2,OU=Parcs,DC=diderot,DC=org' was not found in the 
schema!

I dug into the code and found nothing related to modifydn operations. 
Did I miss something?
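
Added example, not part of the original post and not Samba code: a stand-alone Python helper that turns a moddn record like the one quoted above into the (old DN, new DN) pair a rename-style call takes, covering an omitted newsuperior, escaped commas, folded lines and base64 values. The names parent_of and moddn_to_rename are hypothetical; the commented samdb.rename(old_dn, new_dn) call assumes the ldb Python binding's rename method on a connected SamDB object.

```python
import base64
import re

# First RDN ends at the first comma that is not backslash-escaped.
_FIRST_RDN = re.compile(r"^((?:\\.|[^\\,])+),(.*)$", re.S)

def parent_of(dn):
    m = _FIRST_RDN.match(dn)
    if not m:
        raise ValueError("DN has no parent: %r" % dn)
    return m.group(2)

def moddn_to_rename(record):
    """Return (old_dn, new_dn) for one LDIF moddn/modrdn record."""
    fields = {}
    unfolded = re.sub(r"\r?\n ", "", record)         # undo LDIF line folding
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        if value.startswith(":"):                     # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        fields[name.strip().lower()] = value.strip()  # newRDN == newrdn
    if fields.get("changetype", "").lower() not in ("moddn", "modrdn"):
        raise ValueError("not a moddn/modrdn record")
    if fields.get("deleteoldrdn", "1") != "1":
        raise ValueError("an (old, new) DN pair cannot express deleteoldrdn: 0")
    old_dn = fields["dn"]
    # Without newsuperior the entry stays under its current parent.
    parent = fields.get("newsuperior") or parent_of(old_dn)
    return old_dn, "%s,%s" % (fields["newrdn"], parent)

# Constructed sample, same shape as the record quoted in the thread.
SAMPLE = r"""
dn: CN=bar,OU=Domain Users,DC=mydomain,DC=com
changetype: moddn
newRDN: CN=bar
deleteoldrdn: 1
newsuperior: OU=Domain Users Test,DC=mydomain,DC=com
"""

if __name__ == "__main__":
    old_dn, new_dn = moddn_to_rename(SAMPLE)
    print(old_dn, "->", new_dn)
    # Assumption: with a connected SamDB/ldb.Ldb object named samdb,
    # the move itself would be samdb.rename(old_dn, new_dn).
```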

