Forum: Ruby ruby-net-ldap :replace_attribute error

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
2e1af8b6323bf2c6825c4166b389b3ad?d=identicon&s=25 Mike Rood (imdwalrus)
on 2008-11-14 08:37
I'm trying to use ruby-net-ldap to update Active Directory user
attributes.  Specifically, I'm trying to modify user accounts to require
users to change their passwords on next logon.  Microsoft examples
indicate that I need to set the pwdLastSet value to 0.

Both ldap.bind and are working just fine so far.  I'm
retrieving the current pwdlastset and dn (distinguishedName) values
successfully (ruby-net-ldap apparently downcases all the standard ldap
attribute names).  However, the command
  ldap.replace_attribute userDn, :pwdlastset, 0
(where userDn = the dn value retrieved by blows up with
this error message:

`read_ber': unsupported object type: class=context_specific,
encoding=primitive, tag=10 (Net::BER::BerError)

I've traced this through to the statement that genereates the error.
It's actually deeper in the code than the line shown in the error
statement.  At the point it blows up, it's parsing through a bunch of
binary values and I have no idea what it's trying to do.

Has anyone else seen this error and figured out what causes it and how
to get around it?


693634638e8f65aa4b06694af197bc7d?d=identicon&s=25 Shane Pinnell (lelio98)
on 2012-08-13 20:43
Try setting it to zero as a string:

ldap.replace_attribute userDn, :pwdlastset, "0"
This topic is locked and can not be replied to.