【发布时间】:2017-03-07 09:51:34
【问题描述】:
我尝试在 LDAP 中创建用户帐户。连接 LDAP 的示例代码
conn = ldap.initialize(bind_url) # Connect LDAP service
conn.set_option(ldap.OPT_REFERRALS, 0)
conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
conn.set_option(ldap.OPT_DEBUG_LEVEL, 255)
conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
conn.protocol_version = ldap.VERSION3 # Default version for LDAP protocol used
conn.set_option(ldap.OPT_REFERRALS, 0)
ldap_user = "CN=%s,%s" % (bind_username, base_dn)
conn.simple_bind_s(ldap_user, bind_password) # Authentication occurs
我可以连接到 LDAP 并在禁用模式下创建用户 (UserAccountControl == 514)。当我尝试设置密码或启用帐户时。会有类似
的错误"{'info': '0000001F: SvcErr: DSID-031A12D2, 问题5003 (WILL_NOT_PERFORM), 数据0\n', 'desc': '服务器不愿意执行'}"
我正在使用 python-ldap 库。这是我添加和启用用户帐户的示例代码
user_attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
user_attrs['cn'] = username
user_attrs['givenName'] = username
user_attrs['sn'] = username
user_attrs['displayName'] = username
user_attrs['userAccountControl'] = '514'
user_attrs['mail'] = str(user["email"])
user_attrs['department'] = str(user["department"])
user_ldif = modlist.addModlist(user_attrs)
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password])]
# 512 will set user account to enabled
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', '512')]
# Add the new user account
try:
ldap_connection.add_s(user_dn, user_ldif)
except ldap.LDAPError, error_message:
print "Error adding new user: %s" % error_message
return False
# Add the password
try:
ldap_connection.modify_s(user_dn, add_pass)
except ldap.LDAPError, error_message:
print "Error setting password: %s" % error_message
return False
# Change the account back to enabled
try:
ldap_connection.modify_s(user_dn, mod_acct)
except ldap.LDAPError, error_message:
print "Error enabling user: %s" % error_message
return False
print "User created %s" % username
如果有任何解决方案或修复方法,请告诉我。
我在 ubuntu 中的 ldap.conf:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
【问题讨论】:
标签: python active-directory ldap openldap python-ldap