我想通过python ldap向AD添加一个帐户。通过以下代码帐户添加到活动目录可能帐户状态是禁用:
import ldap
import sys
def create_user_activedirectory(username , password , name ):
SCRIPT = 1
ACCOUNTDISABLE = 2
HOMEDIR_REQUIRED = 8
PASSWD_NOTREQD = 32
NORMAL_ACCOUNT = 512
DONT_EXPIRE_PASSWORD = 65536
TRUSTED_FOR_DELEGATION = 524288
PASSWORD_EXPIRED = 8388608
conn=ldap.open("192.168.10.41")
conn.protocol_version=ldap.VERSION3
conn.set_option(ldap.OPT_REFERRALS, 0)
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
conn.simple_bind_s("administrator@hamed.local" , "XYZ")
mymodlist = {
"objectClass": ["top".encode('utf-8'), "person".encode('utf-8'), "organizationalPerson".encode('utf-8'), "user".encode('utf-8')],
"cn": [str(username).encode('utf-8')],
#"uid": [str(username).encode('utf-8')],
"userPassword": [str(password).encode('iso-8859-1')],
"userPrincipalName": [str(username+"@XaaS.local").encode('iso-8859-1')],
"sAMAccountName": [str(username).encode('utf-8')],
"givenName": [str(name).encode('iso-8859-1')],
"sn": [str(name).encode('iso-8859-1')],
"displayName": [str(name).encode('iso-8859-1')],
#"userAccountControl": [NORMAL_ACCOUNT],
"userAccountControl": [str(NORMAL_ACCOUNT).encode('utf-8')],
}
dn="CN="+username+",CN=Users,DC=XaaS,DC=local"
conn.add_s(dn, ldap.modlist.addModlist(mymodlist))
by" userAccountControl":[NORMAL_ACCOUNT]属性,我得到以下错误:
{'info': '0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
如果删除" userAccountControl":[NORMAL_ACCOUNT]属性,帐户已禁用。