我正在编写一个python代码,以便能够在LDAP上添加新的用户帐户.. Pyhton3和LDAP3 ..到目前为止我可以搜索数据..但我不能通过脚本将新用户插入LDAP。但是我可以使用fusiondirectoy插入相同的帐户。
问题:它说我没有权利使用ObjectClass:inetOrgPerson。我需要添加需要使用此objectClass的givenName属性。
我的代码:
import boto3
import sys,getopt
import ldap3
def main(argv):
add_uid = ''
add_username = ''
add_password = ''
add_group = ''
add_mail = ''
add_role = ''
actual_uid = ''
actual_user = ''
actual_pass = ''
actual_group = ''
actual_mail = ''
actual_role = ''
try:
opts, args = getopt.getopt(argv, "hi:u:p:r:e:",["add_uid=","add_username=","add_password=","add_mail="])
except getopt.GetoptError:
PrintHelp()
for opt, arg in opts:
if opt == '-h':
PrintHelp()
elif opt in ("-i", "--add_uid"):
actual_uid = arg
elif opt in ("-u", "--add_username"):
actual_user = arg
elif opt in ("-p", "--add_password"):
actual_pass = arg
elif opt in ("-e", "--add_mail"):
actual_mail = arg
if (actual_uid == '') or (actual_user == '') or (actual_pass == '') or (actual_mail == ''):
PrintHelp()
else:
LDAPfuction(actual_uid,actual_user,actual_pass,actual_mail)
def PrintHelp():
print ('\n@@@ 4 parameters are needed @@@: python3 LDAPuserManagement.py -i {} -u {} -p {} -e {} \nExample --> LDAPuserManagement.py -i sumana_w -u "Sumana Wongrattanakul" -p XXXXXXXXXX -e *******@XXXXXX \n-i = user id \n-u = usamename (that want to be added.. format = "FirstName Lastname") \n-p = Password\n-e = targeted user email (xxxxxx@acommerce.asia) \n\nOPTIONALS:\n\n-h = help (how to use)\n')
sys.exit(2)
def LDAPfuction(actual_uid,actual_user,actual_pass,actual_mail):
from ldap3 import Server, Connection, ALL
ldap_server ='ldap://[server]:389'
ldap_base_user = 'ou=people,dc=xxxxx,dc=xxxxxx,dc=xxxxx'
ldap_user = 'user'
ldap_password = 'password'
user_dn = "uid="+ldap_user+","+ldap_base_user
searchFilter_user = "(&(cn="+actual_user+")(objectclass=*))"
search_att_user = ['uid','cn','sn','fdPrivateMail','givenName']
l = ''
conn_user= []
c = ''
lastname = []
dn = ''
attrs = {}
result_add = ''
attrs_1 = {}
try:
#--------------- Connecting to LDAP ---------------------------------------
c=Server(ldap_server, port=389, get_info=ALL)
l=Connection(c,user=user_dn,password=ldap_password,auto_bind=True)
print (l.bind)
if not l.bind():
print ("ERROR in Blind", l.result)
except:
print ("\n\n @@@@ Please open DEV VPN connection @@@@ \n\n")
#--------------- Checking if account is already existing or not -----------
l.search(ldap_base_user, searchFilter_user, attributes=search_att_user)
conn_user =l.entries
if conn_user != []:
print (conn_user)
print ("\n\n @@@ This account already exist in LDAP @@@\n\n")
sys.exit(2)
else:
lastname = str.split(actual_user)
print (actual_uid)
print (actual_user)
print (actual_pass)
print (lastname[0])
print (lastname[1])
print (actual_mail)
dn_1 = "cn="+actual_user+","+ldap_base_user
#dn_1 = "uid="+actual_uid+","+ldap_base_user
attrs['objectclass']=['inetOrgPerson']
attrs['cn'] = actual_user
attrs['sn'] = lastname[1]
attrs['givenName']=lastname[0]
attrs['uid']=actual_uid
attrs['userPassword']=actual_pass
print (dn_1)
print (attrs)
l.add(dn_1,attributes=attrs)
print (l.result)
if __name__ == "__main__":
main(sys.argv[1:])
结果:{'结果':50,'描述':'不足的访问权限',' dn':'&# 39;,'消息':'对父母','推介':无,'键入':' addResponse& #39;}
任何帮助?
答案 0 :(得分:0)
您似乎没有权限创建用户帐户。
我运行了一些测试代码来检查我的理论,我绑定到我的LDAP服务器并尝试创建用户,绑定成功但Connection.add(...)失败了:
{'description': 'insufficientAccessRights', 'result': 50, 'type': 'addResponse', 'dn': '', 'message': '00000005: SecErr: DSID-03152857, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\n\x00', 'referrals': None}
对我而言,这与您的错误非常相似。