彈出LDAP錯誤更改專有名稱

Question

我很難找到正確的方式來使用Spring LDAP在組織單元之間移動Active Directory中的人員。

我正在使用Spring LDAP 2.0.4.RELEASE。我嘗試了四種不同的方法來設置我嘗試移動的人物對象上的distinguishedName，並且每種方式都會收到LDAP錯誤。

1）設置distinguishedName作爲String，包括dc部。

final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build(); 
final String newDn = "CN=Some Person,OU=New,OU=Domain Users,dc=my,dc=domain"; 

final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn); 
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange); 
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem}); 

這使我以下錯誤：

javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 000020B1: AtrErr: DSID-030F052C, #1: 0: 000020B1: DSID-030F052C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 31 (distinguishedName) ]; remaining name 'CN=Some Person,OU=Old,OU=Domain Users'

2）設置distinguishedName作爲String，而不的dc部。

final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build(); 
//the line below is the only line changed from (1) 
final String newDn = "CN=Some Person,OU=New,OU=Domain Users"; 

final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn); 
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange); 
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem}); 

這使我一個不同的錯誤：

org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: DSID-031B0D38, problem 5012 (DIR_ERROR), data 5 ]; remaining name 'CN=Some Person,OU=Old,OU=Domain Users'

3）設置distinguishedName作爲LdapName，包括dc部。

final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build(); 
final Name newDn = LdapNameBuilder.newInstance("CN=Some Person,OU=New,OU=Domain Users,dc=my,dc=domain").build(); 

final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn); 
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange); 
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem}); 

這給了我與（1）相同的錯誤。

4）設置distinguishedName作爲LdapName，而不的dc部。

final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build(); 
final Name newDn = LdapNameBuilder.newInstance("CN=Some Person,OU=New,OU=Domain Users").build(); 

final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn); 
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange); 
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem}); 

這給了我和（1）一樣的錯誤。

我錯過了什麼？這是不是通過Spring LDAP在Active Directory人員對象上更改distinguishedName的正確方法？錯誤消息根本沒有幫助。

Answer 1

顯然，您無法通過修改操作更改distinguishedName屬性。使用Spring LDAP的正確方法是使用LdapTemplate.rename方法。您可以傳遞oldDn和newDn作爲String對象或Name對象。

final Name oldDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build(); 
final Name newDn = LdapNameBuilder.newInstance("CN=Some Person,OU=New,OU=Domain Users").build(); 

ldapTemplate.rename(oldDn, newDn);