How to move an eDirectory entry via php?

I have this ldap entry:

cn=blah,ou=apples,ou=people,dc=yay,dc=edu

I need to move that entry to:

cn=blah,ou=oranges,ou=people,dc=yay,dc=edu

My scripts are all PHP so I've been trying to use php.net/ldap_rename

ldap_rename($connection, "cn=blah,ou=apples,ou=people,dc=yay,dc=edu", "cn=blah", "ou=oranges,ou=people,dc=yay,dc=edu", true);

Does not work. It returns false.

This http://us2.php.net/manual/en/function.ldap-rename.php#82393 comment mentions that eDirectory wants to leave the parent as NULL. Like:

ldap_rename($connection, "cn=blah,ou=apples,ou=people,dc=yay,dc=edu", "cn=blah", NULL, true);

That returns TRUE but does not actually move the entry. Not surprising since it's not changing the parent... I'm sure it could change the cn=blah to something else...

I have thought of deleting the entry and recreating it. But that's a painful way to go about it. Writing out and running a LDIF file would also be painful.

So, how do I move an entry from one OU to another, in php, without the pain of my other two options?

What I'm running:

  • Ubuntu 12.04 LTS
  • PHP 5.3.10
  • eDirectory 8.8 is on SLES 11

Edit

So, I found this:

The modrdn change type cannot move an entry to a completely different subtree. To move an entry to a completely different branch, you must create a new entry in the alternative subtree using the old entry's attributes, and then delete the old entry.

From http://www.centos.org/docs/5/html/CDS/ag/8.0/Creating_Directory_Entries-LDIF_Update_Statements.html

I found a couple other pages with similar statements.

So it sounds like I have to make a new entry, copying the attributes, then delete the old one. Like the second painful option I mentioned above.

Well, I ended up using the "create new entry, delete old one" method. I still think I had another way working a while back, but I can't remember what. So here's a basic move function.

function move($connection, $ldapEntryReference, $new_dn){
    //First, get the values of the current attributes.
    $attributes = array(); //start attributes array
    //Walk every attribute, including the first one, through the same filter.
    $attr = ldap_first_attribute($connection, $ldapEntryReference);
    while ($attr !== false) {
        if (strcasecmp($attr, 'ACL') !== 0) { //We don't want ACL attributes since
                                              //eDir/ldap should deal with them for us.
            if (strcasecmp($attr, 'jpegPhoto') === 0) {
                //binary values need to use the ldap_get_values_len function.
                $value = ldap_get_values_len($connection, $ldapEntryReference, $attr);
            } else {
                $value = ldap_get_values($connection, $ldapEntryReference, $attr);
            }
            $attributes[$attr] = $value;
        }
        $attr = ldap_next_attribute($connection, $ldapEntryReference);
    }
    //Create a new entry array with the values.
    $entry = array(); //start entry array.
    foreach($attributes as $key => $value) {
        foreach($value as $key2 => $value2) {
            if (strcasecmp($key2, 'count') !== 0) {//get rid of 'count' indexes
                                                   //ldap_add chokes on them.
                $entry[$key][$key2] = $value2;
            }
        }
    }
    //Add the new entry.
    if (ldap_add($connection, $new_dn, $entry)) {
        //Delete the old entry. If this fails, both copies exist.
        if (ldap_delete($connection, ldap_get_dn($connection, $ldapEntryReference))) {
            return true;
        } else {
            return false;
        }
    } else {
        return false;
    }
}

Hopefully this helps someone, sometime.


There actually isn't a need to recreate in eDir. Doing a recreate causes problems in an environment that runs IDM as the object will have a new GUID and the IDM engine will not see the event as a true "move".

The following code moves users fine (tested eDir 8.8.x & eDir 9.x):

$olduserdn = "cn=userid,ou=container1,o=org";
$newdestdn = "ou=container2,o=org";
if (preg_match('/^(cn=[A-Za-z0-9]+)\,(.+)/i', $olduserdn, $rdnmatches))
{
    if (ldap_rename($ldapconn, $olduserdn, $rdnmatches[1], $newdestdn, TRUE))
    {
        print("Moved $olduserdn to $rdnmatches[1],$newdestdn");
    }
    else
    {
        print("Failed move because " . ldap_error($ldapconn));
    }
}

Don't forget to give a bit of time for replication...

Also consider constraints around modifying/moving objects that are still being replicated from a previous move event.
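
Added example, not part of the original answers: a helper that generalizes the move above to any RDN type and to RDN values containing escaped commas, then reads the entry at its new DN, since the question reports ldap_rename returning TRUE without a move. The names splitDn, entryExists and moveEntry are hypothetical; only standard PHP LDAP functions are called, and the sample DNs are constructed.

```php
<?php
// Added example; splitDn(), entryExists() and moveEntry() are hypothetical names.

// Split a DN into array(RDN, parent DN) at the first comma that is not
// backslash-escaped (e.g. "cn=Doe\, Jane,ou=apples,..."). Returns null
// when there is no parent part.
function splitDn($dn)
{
    $len = strlen($dn);
    for ($i = 0; $i < $len; $i++) {
        if ($dn[$i] === '\\') {
            $i++; // skip the escaped character
        } elseif ($dn[$i] === ',') {
            $rdn = trim(substr($dn, 0, $i));
            $parent = trim(substr($dn, $i + 1));
            return ($rdn !== '' && $parent !== '') ? array($rdn, $parent) : null;
        }
    }
    return null;
}

// Base-scope read of one DN; '1.1' requests no attributes.
function entryExists($conn, $dn)
{
    $res = @ldap_read($conn, $dn, '(objectClass=*)', array('1.1'));
    return $res !== false && ldap_count_entries($conn, $res) === 1;
}

// Move $oldDn under $newParentDn with one ModifyDN request, keeping the RDN.
function moveEntry($conn, $oldDn, $newParentDn)
{
    $parts = splitDn($oldDn);
    if ($parts === null) {
        return false;
    }
    if (!ldap_rename($conn, $oldDn, $parts[0], $newParentDn, true)) {
        error_log('ldap_rename failed: ' . ldap_error($conn));
        return false;
    }
    // TRUE from ldap_rename is not proof of a move; check the new DN.
    return entryExists($conn, $parts[0] . ',' . $newParentDn);
}

// Constructed sample DNs: the split runs without a directory server.
foreach (array('cn=blah,ou=apples,ou=people,dc=yay,dc=edu',
               'cn=Doe\\, Jane,ou=apples,dc=yay,dc=edu') as $dn) {
    list($rdn, $parent) = splitDn($dn);
    echo $rdn . ' | ' . $parent . "\n";
}
```

The existence check runs against the server the connection is bound to, so other replicas may still lag behind it.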


Try this:

ldap_rename($ldapconn, "cn=blah,ou=apples,ou=people,dc=yay,dc=edu", "cn=blah", "ou=oranges,ou=people,dc=yay,dc=edu", true);

Comments
  • Could you advise as to the version of LDAP you're running?
  • The stated comment talks explicitly about renaming and not moving an entry. So it does not apply here. Did you try to give it a complete dn though in the third parameter? And are you sure that the user binding to the LDAP has sufficient rights?
  • LDAP v3. Earlier in the code I set the protocol explicitly. The user I'm testing with is the main admin to the directory. So it has the right perms.
  • Just tried passing the full new dn to the third parameter. ldap_rename returned true, but eDirectory did not move the entry.
  • Please note that the 5th to last line of the function is missing a closing parenthesis. It should be if (ldap_delete($connection, ldap_get_dn($connection, $ldapEntryReference))) {