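Modifying non-AD LDAP objects with PowerShell

Time: 2016-05-31 19:23:37

Tags: powershell ldap

I am looking for a way to modify non-Active Directory LDAP objects using PowerShell. I have found many scripts online for accessing LDAP object information, but none of them show how to modify the objects. Below is the closest I have gotten, by combining various scripts I found online. I cannot get past "$c.Bind()" because I always get an "LDAP server is unavailable" error. I know the server name is correct and that the server is up and running.

Does anyone have any ideas?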

[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols")
[System.Reflection.Assembly]::LoadWithPartialName("System.Net")

$credentials = new-object System.Net.NetworkCredential("cn=adminID,o=edu","password")
$NetWareServer=New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier("LDAP://ldapserver.system.edu:636")
$c = New-Object System.DirectoryServices.Protocols.LdapConnection($NetWareServer, $credentials)

$c.SessionOptions.SecureSocketLayer = $true;
$c.SessionOptions.ProtocolVersion = 3
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

$c.Bind() 

$r = (new-object "System.DirectoryServices.Protocols.ModifyRequest")
$r.DistinguishedName = "uid=testID,ou=test,o=edu";

$a = New-Object "System.DirectoryServices.Protocols.DirectoryAttributeModification"
$a.Name = "description"
$a.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
$a.Add("testdescription")

$r.Modifications.Add($a)

$re = $c.SendRequest($r);

if ($re.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success)
{
    write-host "Failed!"
    write-host ("ResultCode: " + $re.ResultCode)
    write-host ("Message: " + $re.ErrorMessage)
} 

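1 answer:

Answer 0: (score: 0)

Try using uid instead of cn for the credentials. Try connecting without SSL. Verify that the port and user information are correct, and that the server and that port are reachable from where you are.

This is how I did it: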

$c = New-Object -TypeName System.DirectoryServices.Protocols.LdapConnection -ArgumentList "ldapserver.system.edu:636"
$c.SessionOptions.SecureSocketLayer = $true;
$c.SessionOptions.ProtocolVersion = 3
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
if ([string]::IsNullOrWhiteSpace($ConnectWithUser))
{
  $ConnectWithUser = Read-Host -Prompt "User:"
}
if ([string]::IsNullOrWhiteSpace($ConnectWithPassword))
{
  $ConnectWithPassword = Read-Host -Prompt "Password:" -AsSecureString
}
$ConnectWithUser = "uid="+$ConnectWithUser+",OU=admins,O=edu"

$credentials = New-Object -TypeName System.Net.NetworkCredential -ArgumentList $ConnectWithUser,$ConnectWithPassword
$c.Bind($credentials)
Good luck
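
An added example, not part of the original question or answer, that combines the bind and the modify into one function with TLS left on and the two failure types reported separately. `LdapDirectoryIdentifier` expects a host name and port rather than an `LDAP://` path; the function name `Set-LdapDescription` is hypothetical, and the host name and DNs in the usage lines are the placeholders from this thread.

```powershell
# Added example; assumes Windows PowerShell 3+ and the thread's placeholder names.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Set-LdapDescription {
    param(
        [Parameter(Mandatory)][string]$Server,            # host name only, no "LDAP://" prefix
        [int]$Port = 636,
        [Parameter(Mandatory)][pscredential]$Credential,  # user name holds the full bind DN
        [Parameter(Mandatory)][string]$TargetDn,
        [Parameter(Mandatory)][string]$Description
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $true    # Basic bind sends the password as-is, so keep TLS on
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
        $bind = New-Object System.Net.NetworkCredential($Credential.UserName, $Credential.Password)
        $conn.Bind($bind)

        $mod = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
        $mod.Name      = 'description'
        $mod.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
        [void]$mod.Add($Description)                      # Add() returns an index; discard it
        $req = New-Object System.DirectoryServices.Protocols.ModifyRequest
        $req.DistinguishedName = $TargetDn
        [void]$req.Modifications.Add($mod)
        return $conn.SendRequest($req).ResultCode
    }
    catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
        # The server was reached and answered, but refused the modification
        Write-Error ("Modify rejected: {0} ({1})" -f $_.Exception.Response.ResultCode, $_.Exception.Message)
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # Connection or bind failure; error code 81 is "server unavailable"
        Write-Error ("LDAP error {0}: {1} {2}" -f $_.Exception.ErrorCode, $_.Exception.Message, $_.Exception.ServerErrorMessage)
    }
    finally { $conn.Dispose() }
}

# Usage (prompts for the bind DN and password instead of embedding them):
# $cred = Get-Credential -Message 'Bind DN, e.g. uid=adminID,ou=admins,o=edu'
# Set-LdapDescription -Server 'ldapserver.system.edu' -Credential $cred -TargetDn 'uid=testID,ou=test,o=edu' -Description 'testdescription'
```

If the bind still fails with error 81 on port 636, check that the server's certificate chains to a root the client trusts before considering a non-TLS connection.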