I'm having trouble finding the proper way to move a person in Active Directory between organizational units with Spring LDAP.
I am using Spring LDAP 2.0.4.RELEASE. I have tried four different ways to set the distinguishedName on the person object that I am trying to move, and I get an LDAP error each way.
1) Setting distinguishedName as a String, including the dc portion.
final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build();
final String newDn = "CN=Some Person,OU=New,OU=Domain Users,dc=my,dc=domain";
final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn);
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange);
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem});
This gives me the following error:
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 000020B1: AtrErr: DSID-030F052C, #1: 0: 000020B1: DSID-030F052C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 31 (distinguishedName) ]; remaining name 'CN=Some Person,OU=Old,OU=Domain Users'
2) Setting distinguishedName as a String, without the dc portion.
final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build();
//the line below is the only line changed from (1)
final String newDn = "CN=Some Person,OU=New,OU=Domain Users";
final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn);
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange);
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem});
This gives me a different error:
org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: DSID-031B0D38, problem 5012 (DIR_ERROR), data 5 ]; remaining name 'CN=Some Person,OU=Old,OU=Domain Users'
3) Setting distinguishedName as an LdapName, including the dc portion.
final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build();
final Name newDn = LdapNameBuilder.newInstance("CN=Some Person,OU=New,OU=Domain Users,dc=my,dc=domain").build();
final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn);
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange);
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem});
This gives me the same error as (1).
4) Setting distinguishedName as an LdapName, without the dc portion.
final Name currentDn = LdapNameBuilder.newInstance("CN=Some Person,OU=Old,OU=Domain Users").build();
final Name newDn = LdapNameBuilder.newInstance("CN=Some Person,OU=New,OU=Domain Users").build();
final Attribute attributeChange = new BasicAttribute("distinguishedName", newDn);
final ModificationItem modificationItem = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, attributeChange);
ldapTemplate.modifyAttributes(currentDn, new ModificationItem[]{modificationItem});
This gives me the same error as (1) as well.
What am I missing? Is this not the proper way to change the distinguishedName on an Active Directory person object with Spring LDAP? The error messages are not very helpful at all.
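
Added example, not part of the original question and not Spring LDAP project code: Active Directory maintains distinguishedName itself, and moving an entry between OUs is an LDAP ModifyDN (rename) operation, which Spring LDAP exposes as `LdapTemplate.rename`. The class `OuMover` and its `move` method are hypothetical names; DNs are assumed to be relative to the base configured on the ContextSource, as in the question's snippets.

```java
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.support.LdapUtils;

/** Hypothetical helper: moves an entry to another OU with ModifyDN. */
public class OuMover {

    private final LdapTemplate ldapTemplate;

    public OuMover(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /**
     * Moves the entry at currentDn under targetOuDn, keeping its leaf RDN.
     * Example with the DNs from the question:
     *   move("CN=Some Person,OU=Old,OU=Domain Users", "OU=New,OU=Domain Users")
     * Returns the new DN, relative to the configured base.
     */
    public LdapName move(String currentDn, String targetOuDn) {
        LdapName current = LdapUtils.newLdapName(currentDn);
        LdapName newDn = LdapUtils.newLdapName(targetOuDn);
        if (current.isEmpty()) {
            throw new IllegalArgumentException("currentDn must name an entry");
        }

        // LdapName index 0 is the right-most component, so the last index
        // is the entry's own RDN (CN=Some Person) and the prefix is its parent.
        Rdn leaf = current.getRdn(current.size() - 1);
        if (current.getPrefix(current.size() - 1).equals(newDn)) {
            return current; // already in the target OU, nothing to do
        }

        // Fail early with NameNotFoundException if the target OU is missing,
        // rather than relying on the server's error for the rename.
        ldapTemplate.lookup(newDn);

        // Append the leaf RDN to the target OU to form the new DN.
        newDn.add(leaf);

        // ModifyDN: the directory updates distinguishedName as a side effect.
        // The bound account needs delete rights on the source side and
        // create-child rights on the target OU for this to succeed.
        ldapTemplate.rename(current, newDn);
        return newDn;
    }
}
```

After a move, the object falls under the target OU's Group Policy links and delegated permissions, so it is worth logging the old and new DN for each call.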