
LDAP.Rename

Changes the distinguished name of an entry in the directory.

Component Version macOS Windows Linux Server iOS SDK
LDAP 6.0 ✅ Yes ✅ Yes ✅ Yes ✅ Yes ❌ No
MBS( "LDAP.Rename"; LDAPRef; DN; NewRDN { ; NewParent; DeleteOldRdn } )

Parameters

Parameter Description Example Flags
LDAPRef The reference number for the LDAP connection. $ldap
DN The distinguished name of the entry to be renamed.
NewRDN The new relative distinguished name.
NewParent The distinguished name of the new parent for this entry. This parameter enables you to move the entry to a new parent container. Can be empty. Optional
DeleteOldRdn 1 if the old relative distinguished name should be deleted; 0 if the old relative distinguished name should be retained. 1 Optional

Result

Returns OK or error.

Description

Changes the distinguished name of an entry in the directory.
This function is available starting with LDAP 3.

Examples

Moves a user from one group to another group:

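# $ldap is the reference of an already bound LDAP connection
Set Variable [ $userDN ; Value: "CN=testUser,OU=TestOU1,OU=Groups,DC=example,DC=com" ]
Set Variable [ $rdn ; Value: "CN=testUser" ]
Set Variable [ $targetOU ; Value: "OU=TestOU2,OU=Groups,DC=example,DC=com" ]
Set Variable [ $deleteOldRdn ; Value: 1 ]
# Keep the same RDN and move the entry under the new parent
Set Variable [ $result ; Value: MBS( "LDAP.Rename" ; $ldap ; $userDN ; $rdn ; $targetOU ; $deleteOldRdn ) ]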

Example script to assign an organizational unit to a user:

# ========================================
# Purpose:
# Assigns the OU of a single AD user
# Returns:
# 0 for success
# Error text if unsuccessful
# Parameters:
# $serverName
# $serverDomain
# $personDN
# $targetOU (the full DN of the target OU)
# Called from:
# (script) "Set AD OU"
# Author:
# John Munro (HJM) from Deutsche Schule Tokyo Yokohama
# Notes:
# none
# History:
# 2020-07-10 HJM - created
# 2021-05-20 HJM - Replaced bind code with call to LDAPServerBind (including added parameter $serverDomain to all calls)
# ========================================
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptParameter ) ) ]
#
// # The branch in LDAP containing all active entries
// Set Variable [ $searchBase ; Value: "ou=DSTY Groups,dc=dsty,dc=ac,dc=jp" ]
#
Set Error Capture [ On ]
#
# If debugging these parameters will be empty so fill with test data
If [ $serverName = "" ]
    Set Variable [ $serverName ; Value: "sys-dc1" ]
End If
If [ $serverDomain = "" ]
    Set Variable [ $serverDomain ; Value: "dsty.ac.jp" ]
End If
If [ $personDN = "" ]
    Set Variable [ $personDN ; Value: "CN=DySIS testUser,OU=VerwaltungOU,OU=DSTY Groups,DC=dsty,DC=ac,DC=jp" ]
End If
If [ $targetOU = "" ]
    Set Variable [ $targetOU ; Value: "OU=Pre-handover,OU=DSTY Groups,DC=dsty,DC=ac,DC=jp" ]
End If
#
#
# Bind to LDAP
Perform Script [ Specified: From list ; “LDAPServerBind” ; Parameter: # ( "serverName" ; $serverName ) & # ( "serverDomain" ; $serverDomain ) ]
# Returns $error,$resultText, $ldap
#
Set Variable [ $! ; Value: #Assign ( Get ( ScriptResult ) ) ]
If [ $error <> 0 ]
    Go to Layout [ original layout ; Animation: None ]
    Show Custom Dialog [ "LDAP error" ; $resultText ]
    Exit Script [ Text Result: # ( "error" ; $error ) & # ( "resultText" ; "LDAP error: " & $resultText ) ]
End If
#
#
# Check the targetOU is valid (exit with error if not)
Set Variable [ $LDAPFilter ; Value: "" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $targetOU ; "base" ; $LDAPFilter ; "" ; 0 ; 4 ; 1 ) ]
If [ MBS("LDAP.SearchResult.DistinguishedName"; $ldap; 0 ) = $targetOU ]
    #
    # Check the target is an actual Organisational Unit
    Set Variable [ $objectClasses ; Value: MBS("LDAP.SearchResult.AttributeValuesByName" ; $ldap ; 0 ; "objectClass" ) ]
    #
    If [ FilterValues ( $objectClasses ; "organizationalUnit" ) = "" ]
        # The target is not an actual Organisational Unit so exit with error
        Set Variable [ $errorText ; Value: "Target is not an Organizational Unit." & ¶ & $targetOU & ¶ & $result ]
        Show Custom Dialog [ "LDAP Error" ; $errorText ]
        # Cleanup
        Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
        Exit Script [ Text Result: "LDAP error. " & $errorText ]
    End If
    #
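Else
    # The target OU was not found so exit with error
    Set Variable [ $errorText ; Value: "Failed to locate the targetOU." & ¶ & $targetOU & ¶ & $result ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If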
#
#
# Check the personDN is valid and update the dn to contain the targetOU
Set Variable [ $LDAPFilter ; Value: "" ]
Set Variable [ $result ; Value: MBS ( "LDAP.Search" ; $ldap ; $personDN ; "base" ; $LDAPFilter ; "" ; 0 ; 4 ; 1 ) ]
If [ MBS( "IsError" ) ]
    Set Variable [ $errorText ; Value: "Failed to locate the personDN." & ¶ & $personDN & ¶ & $result ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
Set Variable [ $foundDN ; Value: MBS("LDAP.SearchResult.DistinguishedName"; $ldap; 0 ) ]
If [ $foundDN <> $personDN ]
    Set Variable [ $errorText ; Value: "The found record DN did not match personDN." & ¶ & "Found: " & $foundDN & ¶ & "PersonDN: " & $personDN & ¶ & $result ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
// # Build the JSON for the modify
// Set Variable [ $json ; Value: "[{ \"operation\": \"Replace\", \"type\": \"distinguishedName\", \"value\": \"" & $newPersonDN & "\" }]" ]
#
# Attempt to move the user record to the new DN
Set Variable [ $cn ; Value: MBS("LDAP.SearchResult.AttributeValuesByName" ; $ldap ; 0 ; "cn" ) ]
Set Variable [ $rdn ; Value: "CN=" & $cn ]
Set Variable [ $deleteOldRdn ; Value: 1 ]
Set Variable [ $result ; Value: MBS( "LDAP.Rename" ; $ldap ; $personDN ; $rdn ; $targetOU ; $deleteOldRdn ) ]
If [ MBS( "IsError" ) ]
    Set Variable [ $errorText ; Value: "Failed to modify the personDN." & ¶ & "From: " & $personDN & ¶ & "To: " & $rdn & ¶ & "Under: " & $targetOU & ¶ & $result ]
    Show Custom Dialog [ "LDAP Error" ; $errorText ]
    # Cleanup
    Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
    Exit Script [ Text Result: "LDAP error. " & $errorText ]
End If
#
#
# Cleanup
Set Variable [ $releaseResult ; Value: MBS("LDAP.Release"; $ldap) ]
Go to Layout [ original layout ; Animation: None ]
#
#
# Return error free result
Exit Script [ Text Result: 0 ]
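
The script above builds NewRDN as "CN=" & $cn from the raw attribute value, but characters such as , + " \ < > ; and a leading # or space have syntactic meaning inside a distinguished name (RFC 4514). The following is an added example, not part of the original script or of the MBS Plugin: a FileMaker custom function, with the hypothetical name LDAPEscapeRDNValue, that escapes a value before it is placed into an RDN. It assumes the plugin passes NewRDN to the server as given and that the value contains no NUL character.

```filemaker
// Custom function (hypothetical name): LDAPEscapeRDNValue ( value )
// Escapes an attribute value for use inside an RDN, following RFC 4514.
// Assumption: value is a single value (no return-separated list) without NUL.
Let ( [
    // Backslash must be escaped first, otherwise the backslashes
    // added by the later pairs would be doubled.
    ~body = Substitute ( value ;
        [ "\\" ; "\\\\" ] ;
        [ "\"" ; "\\\"" ] ;
        [ ","  ; "\\,"  ] ;
        [ "+"  ; "\\+"  ] ;
        [ ";"  ; "\\;"  ] ;
        [ "<"  ; "\\<"  ] ;
        [ ">"  ; "\\>"  ]
    ) ;

    // A leading space or # must be escaped.
    ~lead = Left ( ~body ; 1 ) ;
    ~body = If ( Exact ( ~lead ; " " ) or Exact ( ~lead ; "#" ) ;
                 "\\" & ~body ;
                 ~body ) ;

    // A trailing space must be escaped. A value that is only one space
    // was already handled by the leading-character rule above.
    ~trailingSpace = Exact ( Right ( value ; 1 ) ; " " ) and Length ( value ) > 1 ;
    ~body = If ( ~trailingSpace ;
                 Left ( ~body ; Length ( ~body ) - 1 ) & "\\ " ;
                 ~body )
] ;
    ~body
)

// Use in the script in place of the plain concatenation:
//   Set Variable [ $cn ; Value: GetValue ( MBS("LDAP.SearchResult.AttributeValuesByName" ; $ldap ; 0 ; "cn" ) ; 1 ) ]
//   Set Variable [ $rdn ; Value: "CN=" & LDAPEscapeRDNValue ( $cn ) ]
// Constructed sample: the value  Munro, John  becomes  Munro\, John
```

Without the escaping, a cn containing a comma would be read by the server as the boundary of a further RDN, so the rename would either fail or target a different name than intended.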

This function checks for a license.

Created 15th December 2015, last changed 27th July 2021
