使用 python-ldap 添加 AD 组
[英]Adding AD group with python-ldap
问题描述
I am trying to create group within AD with no success, below is my code:
我试图在 AD 中创建组但没有成功,下面是我的代码:
import ldap
import ldap.modlist as modlist
LDAPserver = 'hidden'
LDAPlogin = 'hidden'
LDAPpassword = 'hidden'
l = ldap.initialize('ldap://' + LDAPserver)
l.simple_bind_s(LDAPlogin, LDAPpassword)
dn = 'OU=someunit,OU=someunit,OU=someunit,OU=someunit,DC=my-company,DC=local'
attrs = {}
attrs['objectclass'] = ['top','Group']
attrs['cn'] = 'group name to be created'
attrs['description'] = 'Test Group'
ldif = modlist.addModlist(attrs)
l.add_s(dn,ldif)
l.unbind_s()
Following snippet gives me an error:以下片段给了我一个错误:
ldap.INSUFFICIENT_ACCESS: {'info': '00000005: SecErr: DSID-031521D0, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0\n', 'desc': 'Insufficient access'}
However, using same credentials I can create group with some UI tools like LDAP Admin但是,使用相同的凭据,我可以使用LDAP Admin等一些 UI 工具创建组
so I suppose that I have proper permissions to create groups, but still no success with python-ldap.所以我想我有适当的权限来创建组,但 python-ldap 仍然没有成功。
I can also query existing groups and fetch its members via script.我还可以查询现有组并通过脚本获取其成员。
I believe that the problem is in my attributes, maybe Active Directory need some different values to be inserted into attrs variable.我相信问题出在我的属性上,也许 Active Directory 需要将一些不同的值插入到attrs变量中。 AD is running under Win Server 2012 R2. AD 在 Win Server 2012 R2 下运行。
Any help would be appreciated :)任何帮助,将不胜感激 :)
2 个解决方案
解决方案1
0 2022-07-05 10:07:21
dn实际上应该是CN=<groupname> + base_dn ,所以在你的情况下是这样的
dn = 'CN=groupname,OU=someunit,OU=someunit,OU=someunit,OU=someunit,DC=my-company,DC=local'
解决方案2
-1 2018-05-02 06:32:06
请尝试将LDAPlogin替换为完整的绑定dn值,例如
"cn=hidden,dc=example,dc=com"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.