无法验证,无法在活动目录中启用用户,使用python ldap创建的用户帐户
[英]Unable to authenticate ,enable the user in active Directory ,the user account created by using python ldap
问题描述
Here i'm attached the python files to create user and authenticating user in windows active Directory 2008 r2 
我在这里附加了python文件,以便在Windows Active Directory 2008 r2中创建用户并验证用户身份
create.py create.py
import ldap
import ldap.modlist as modlist
name='testing3'
password='p@ssw0rd'
l = ldap.initialize('ldap://##2.168.3#.##')
l.simple_bind_s('Administrator@example.local', 'p@ssw0rd1')
dn="cn="+name+",ou=oli,dc=example,dc=local"
attrs = {}
attrs['objectclass'] = ['Top','person','organizationalPerson','user']
attrs['cn'] = name
attrs['displayName'] = name
attrs['name'] = name
attrs['givenName'] = name
attrs['mail'] = name
attrs['ou'] = "Users"
#attrs['pwdLastSet'] = "-1"
attrs['userPrincipalName'] = name + "@naanal.local
attrs['userAccountControl'] = '514'
attrs['sAMAccountName'] = name
attrs['userPassword'] = password
ldif = modlist.addModlist(attrs)
l.add_s(dn,ldif)
l.unbind_s()
Using this program create user in the Active directory but unable to create the enabled user account. 使用此程序在Active Directory中创建用户,但无法创建已启用的用户帐户。 i can user the userAccountcontrol=''512` but it not working .userAccountcontrol='514' its working but user account was disabled. 我可以使用userAccountcontrol =''512`,但无法正常工作。userAccountcontrol ='514',其正常工作,但用户帐户已禁用。 using ldap modify change the userAccountcontrol getting error "when i'm try to enable the user account getting error "{'info': '0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0\\n', 'desc': 'Server is unwilling to perform'}"" 使用ldap修改更改userAccountcontrol获取错误“当我尝试启用用户帐户获取错误” {'info':'0000052D:SvcErr:DSID-031A120C,问题5003(WILL_NOT_PERFORM),数据0 \\ n','desc ':'服务器不愿意执行'}“”
Authe.py 紫杉
import ldap
username='shan'
password='p@ssw0rd'
LDAP_SERVER = 'ldap://###.##.##.##'
LDAP_USERNAME = '%s@example.local' % username
LDAP_PASSWORD = password
base_dn = 'DC=example,DC=example'
ldap_filter = 'userPrincipalName=%s@example.local' % username
attrs = ['memberOf']
try:
ldap_client = ldap.initialize(LDAP_SERVER)
ldap_client.set_option(ldap.OPT_REFERRALS,0)
ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
print 'successfull'
except ldap.INVALID_CREDENTIALS:
ldap_client.unbind()
print 'Wrong username ili password'
except ldap.SERVER_DOWN:
print 'AD server not awailable'
create the user account using create.py .then enable the user account manually in the active directory.after i'm try to authenticate the created user account not detected.but manually created account detected by using authe.py file i'm using Ubuntu 14.04 64 bit 使用create.py创建用户帐户。然后在活动目录中手动启用用户帐户。在我尝试对未检测到的已创建用户帐户进行身份验证之后,但使用authe.py文件检测到手动创建的帐户我正在使用Ubuntu 14.04 64位
1 个解决方案
解决方案1
0 2016-05-06 02:18:11
There are two problems with your code: 您的代码有两个问题:
Active Directory stores the password in the
unicodePwdattribute and notuserPassword.Active Directory将密码存储在unicodePwd属性中,而不是userPassword。 See this link for more details.有关更多详细信息,请参见此链接 。 This article also explains how the value for unicodePwdmust be encoded (UTF-16)本文还介绍了unicodePwd的值必须如何编码(UTF-16)The other problem (this is also explained in the referenced article) is that you must connect over a secure connection to Active Directory whenever you are making changes to the password attribute (including creating a user).
另一个问题(在引用的文章中也有解释)是,每当更改password属性(包括创建用户)时,都必须通过安全连接连接到Active Directory。 The URL starting with ldap://makes me believe that your connection is not secure.以ldap://开头的URL使我相信您的连接不安全。
I hope this helps. 我希望这有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.