The ‘cn’ attribute cannot be modified via the ldap3 module, Python 3.x… here is a solution to the problem.
The ‘cn’ attribute cannot be modified via the ldap3 module, Python 3.x
I’m trying to modify the “cn” attribute for a user in an Active Directory domain, however
It fails. Also, I can’t add this attribute during user creation.
It shows this error:
{'result': 67, 'description': 'notAllowedOnRDN', 'dn': '', 'message':
'000020B1: UpdErr: DSID-030F1087, problem 6004 (CANT_ON_RDN), data 0\n\x00',
'referrals': None, 'type': 'modifyResponse'}
My code:
def ad_connect():
server = Server(ADSERVER, use_ssl=True, port=636, get_info=ALL)
conn = Connection(server, SU_LOGIN, SU_PASS, auto_bind=True,
check_names=True)
return conn
connect = ad_connect()
...
user_dn = "CN=full.name,OU=Users,DC=test,DC=com"
cn = {'cn': (MODIFY_REPLACE, 'Full Name')} # it must be "Full Name" instead of "full.name"
connect.modify(user_dn, changes=cn)
...
connect.unbind()
Is there any way to make this modification? By the way, there is no problem creating a user without this property.
Solution
There is a ‘modify_dn’ option in the ldap3 module.
connect.modify_dn(user_dn, NEW_DN)