I am trying to create a user account in LDAP. Sample code used to connect to LDAP:
conn = ldap.initialize(bind_url) # Connect LDAP service
conn.set_option(ldap.OPT_REFERRALS, 0)
conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
conn.set_option(ldap.OPT_DEBUG_LEVEL, 255)
conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
conn.protocol_version = ldap.VERSION3 # Default version for LDAP protocol used
conn.set_option(ldap.OPT_REFERRALS, 0)
ldap_user = "CN=%s,%s" % (bind_username, base_dn)
conn.simple_bind_s(ldap_user, bind_password) # Authentication occurs
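I can connect to LDAP and create the user in disabled mode (UserAccountControl == 514). When I try to set the password or enable the account, I get an error like:
"{'info': '0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}"
I am using the python-ldap library. Here is my sample code for adding and enabling the user account: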
user_attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
user_attrs['cn'] = username
user_attrs['givenName'] = username
user_attrs['sn'] = username
user_attrs['displayName'] = username
user_attrs['userAccountControl'] = '514'
user_attrs['mail'] = str(user["email"])
user_attrs['department'] = str(user["department"])
user_ldif = modlist.addModlist(user_attrs)
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password])]
# 512 will set user account to enabled
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', '512')]
# Add the new user account
try:
    ldap_connection.add_s(user_dn, user_ldif)
except ldap.LDAPError, error_message:
    print "Error adding new user: %s" % error_message
    return False
# Add the password
try:
    ldap_connection.modify_s(user_dn, add_pass)
except ldap.LDAPError, error_message:
    print "Error setting password: %s" % error_message
    return False
# Change the account back to enabled
try:
    ldap_connection.modify_s(user_dn, mod_acct)
except ldap.LDAPError, error_message:
    print "Error enabling user: %s" % error_message
    return False
print "User created %s" % username
If there is any solution or fix, please let me know.
My ldap.conf on Ubuntu:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
Answer 0: (score: 0)
I found the following blog post very helpful in this regard. http://marcitland.blogspot.com/2011/02/python-active-directory-linux.html
It looks like what you need is:
unicode_pass = unicode('\"' + password + '\"', UNICODE_STANDARD)
password_value = unicode_pass.encode(UNICODE_ENCODING)
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
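An added example (not from the question, the answer, or the linked blog post): a Python 3 sketch of the two modify lists the thread is about. It goes slightly beyond the answer by also refusing plaintext connections, since Active Directory only accepts unicodePwd changes on an encrypted connection, and by clearing only the disable bit of userAccountControl. The function names, the `start_tls` parameter and the sample host and password are assumptions made for illustration.

```python
"""Build python-ldap modify lists to set an AD password and enable the account."""
from urllib.parse import urlparse

# LDAP modify opcode; same integer as python-ldap's ldap.MOD_REPLACE.
MOD_REPLACE = 2

# userAccountControl bit flags: 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE.
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200


def encode_unicode_pwd(password: str) -> bytes:
    """unicodePwd is the password wrapped in double quotes, UTF-16LE encoded."""
    if not password:
        raise ValueError("empty password")
    return ('"' + password + '"').encode("utf-16-le")


def enable_uac(current: int) -> bytes:
    """Clear only the ACCOUNTDISABLE bit and keep all other flags (514 -> 512)."""
    return str(current & ~UF_ACCOUNTDISABLE).encode("ascii")


def password_and_enable_mods(bind_url, password, current_uac=514, start_tls=False):
    """Return (set_password_mods, enable_mods), to be sent with modify_s() in that order.

    Hypothetical helper: raises instead of building the lists when the
    connection would be plaintext (neither ldaps:// nor StartTLS).
    """
    encrypted = urlparse(bind_url).scheme.lower() == "ldaps" or start_tls
    if not encrypted:
        raise ValueError("unicodePwd requires ldaps:// or StartTLS")
    set_password = [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(password)])]
    enable = [(MOD_REPLACE, "userAccountControl", [enable_uac(current_uac)])]
    return set_password, enable


if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    pwd_mods, uac_mods = password_and_enable_mods("ldaps://dc.example.test", "S3cret!pw")
    print(pwd_mods)
    print(uac_mods)
```

Each returned list is passed as the second argument to `modify_s(user_dn, ...)`, password first, then the enable change.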