具有Powershell的新LDAP用户
[英]New LDAP User with Powershell
问题描述
I have the challenge to create new LDAP Users with a Powershell Script. 
我面临使用Powershell脚本创建新的LDAP用户的挑战。 I have googled a lot but I found no good results... 我在Google上搜索了很多,但没有发现好结果。
This is my Code to get Users from the LDAP... 这是我的从LDAP获取用户的代码...
$authenticationType = [System.DirectoryServices.AuthenticationTypes]::ServerBind
$objSearcherRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://***.local.com:777/ou=user,o=company", "uid=testuser,ou=system,o=company", "password" , $authenticationType)
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SizeLimit= 0
$objSearcher.PageSize = 1000
$objSearcher.SearchRoot = $objSearcherRoot
$objSearcher.Filter = "cn=$cn"
$result = $objSearcher.FindAll()
My Problem is, I don't know how to insert a new LDAP User (not Active Directory) It would be really nice if someone could help me... ;) 我的问题是,我不知道如何插入新的LDAP用户(不是Active Directory),如果有人可以帮助我,那真是太好了……;)
Thanks 谢谢
3 个解决方案
解决方案1
1 2016-07-13 21:06:23
Yes, it's possible, I've done it. 是的,有可能,我已经做到了。 You need to bind to the LDAP server using a System.DirectoryServices.Protocols.LdapConnection object (let's say $c) and then create a System.DirectoryServices.Protocols.AddRequest object and populate its attributes (I'm only showing a couple in this example): 您需要使用System.DirectoryServices.Protocols.LdapConnection对象(假设为$ c)绑定到LDAP服务器,然后创建一个System.DirectoryServices.Protocols.AddRequest对象并填充其属性(在此仅显示几个)例):
[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols")
[System.Reflection.Assembly]::LoadWithPartialName("System.Net")
$c = New-Object -TypeName System.DirectoryServices.Protocols.LdapConnection -ArgumentList "***.local.com:777,uid=testuser,ou=system,o=company", "password" , $authenticationType"
$c.Bind()
$r = New-Object -TypeName System.DirectoryServices.Protocols.AddRequest
$r.DistinguishedName = "uid= xxxx, ou=user, o=company"
$r.Attributes.Add((New-Object -TypeName System.DirectoryServices.Protocols.DirectoryAttribute -ArgumentList "objectclass",@("top","organizationalPerson","person","inetorgperson","inetuser","mailrecipient","pwmuser","posixAccount"))) | Out-Null
$r.Attributes.Add((New-Object -TypeName System.DirectoryServices.Protocols.DirectoryAttribute -ArgumentList "cn",($FirstName+" "+$LastName))) | Out-Null
Then just send the request: 然后只需发送请求:
$c.SendRequest($r)
解决方案2
0 已采纳 2013-07-11 13:42:38
LDAP does not support "inserts", but supports "adds". LDAP不支持“插入”,但支持“添加”。 The LDAP client must create an entry and transmit that entry to the directory server using the ADD request. LDAP客户端必须创建一个条目,然后使用ADD请求将该条目传输到目录服务器。 The server returns an ADD result to the LDAP client which contains information about the success or failure of the ADD request. 服务器将ADD结果返回到LDAP客户端,其中包含有关ADD请求成功或失败的信息。 So, check the documentation for information on transmitting an ADD request to the directory server and interpreting the subsequent response. 因此,请查阅文档以获取有关将ADD请求传输到目录服务器并解释后续响应的信息。
The LDAP client must have permission to ADD an entry (a user in this case). LDAP客户端必须具有添加条目的权限(在这种情况下为用户)。 This involves using the BIND request to change the authorization state of the connection to one which permits adding an entry at the designated place in the directory information tree. 这涉及使用BIND请求将连接的授权状态更改为允许在目录信息树中指定位置添加条目的连接。
解决方案3
-1 2013-07-12 08:43:58
You say "create new LDAP Users" but you could create AD users and then they would be available Using LDAP. 您说“创建新的LDAP用户”,但是您可以创建AD用户,然后使用LDAP就可以使用它们。
I used a script from Microsoft to do something similar. 我使用Microsoft的脚本执行类似的操作。
If you look through the code, you should be able to see how they did it. 如果仔细阅读代码,您应该能够看到他们是如何做到的。 We used their code with a few tweaks to do what we needed. 我们通过一些调整使用了他们的代码来完成所需的工作。
-jim -吉姆
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.