I'm trying to use ruby-net-ldap to update Active Directory user attributes. Specifically, I'm trying to modify user accounts to require users to change their passwords on next logon. Microsoft examples indicate that I need to set the pwdLastSet value to 0. Both ldap.bind and ldap.search are working just fine so far. I'm retrieving the current pwdlastset and dn (distinguishedName) values successfully (ruby-net-ldap apparently downcases all the standard ldap attribute names). However, the command ldap.replace_attribute userDn, :pwdlastset, 0 (where userDn = the dn value retrieved by ldap.search) blows up with this error message: C:/RoR/lib/ruby/gems/1.8/gems/ruby-net-ldap-0.0.4/lib/net/ber.rb:117:in `read_ber': unsupported object type: class=context_specific, encoding=primitive, tag=10 (Net::BER::BerError) I've traced this through to the statement that genereates the error. It's actually deeper in the code than the line shown in the error statement. At the point it blows up, it's parsing through a bunch of binary values and I have no idea what it's trying to do. Has anyone else seen this error and figured out what causes it and how to get around it? Thanks, Mike
on 2008-11-14 08:37
on 2012-08-13 20:43
Try setting it to zero as a string: ldap.replace_attribute userDn, :pwdlastset, "0"