堆栈内存溢出
  简体   繁体   English

如何强制用户在下次登录时使用 ldap3 python 模块更改密码?

[英]How to force user to change password at next logon with ldap3 python module?

 原文  2018-02-13 09:17:55       python/ python-3.x/ scripting/ active-directory/ ldap3

问题描述

I'm using ldap3 to create a user account in Active Directory (Win 2012R2) with python script.我正在使用 ldap3 通过 python 脚本在 Active Directory (Win 2012R2) 中创建一个用户帐户。 The only one attribute I can't set is "User must change password at next logon".我唯一无法设置的属性是“用户下次登录时必须更改密码”。 Could you suggest a way to get this checkbox marked right after using creation?您能否建议一种在使用创建后立即标记此复选框的方法? I tried to change UserAccountControl and pwdLastSet attributes but no luck(我试图更改 UserAccountControl 和 pwdLastSet 属性但没有运气(

-1 is the only one valid parameter -1 是唯一一个有效参数

password_expire = {"pwdLastSet": (MODIFY_REPLACE, [-1])}
connect.modify(dn=user_dn, changes=password_expire)

PASSWORD_EXPIRED 0x800000 8388608密码过期 0x800000 8388608

password_expire = {"UserAccountControl": (MODIFY_REPLACE, [8388608])}
connect.modify(dn=user_dn, changes=password_expire)

1 个解决方案

解决方案1
 1 已采纳  2018-02-13 11:53:21

NOTE : Solution given below would, probably , only work after the upcoming version release (v2.5) of LDAP3 library.注意:下面给出的解决方案可能只有在即将发布的 LDAP3 库版本 (v2.5) 之后才有效。 Currently, I'm not aware of the workarounds which would provide the desired solution to OP.目前,我不知道可以为 OP 提供所需解决方案的解决方法。

Check the changelog here which lists:检查此处列出的变更日志

For the release v2.5, pwdLAstSet in AD is valid for 0 and -1.对于版本 v2.5,AD 中的 pwdLAstSet 对 0 和 -1 有效。

---It has not been released for now, and just commented (thanks to Anton Belov for notifying). ---暂时没有发布,只是评论(感谢Anton Belov的通知)。

If the value of pwdLastSet is set to 0, and UAC attribute doesn't contain the flag UF_DONT_EXPIRE_PASSWD , users would be asked to change password at next logon.如果pwdLastSet的值设置为 0,并且 UAC 属性不包含标志UF_DONT_EXPIRE_PASSWD ,则用户将在下次登录时被要求更改密码。 Check aboutPwd-Last-Set attribute here on MSDN for more information. 在 MSDN 上查看Pwd-Last-Set 属性以获取更多信息。

Modifying your code as suggested above will show you the tick mark in the checkbox of the user's account for changing the password.按照上面的建议修改您的代码将在用户帐户的复选框中显示用于更改密码的勾号。

Use only your first code, and set the value to 0 as commented below.仅使用您的第一个代码,并将值设置为 0,如下所述。

password_expire = {"pwdLastSet": (MODIFY_REPLACE, [-1])}  # // use 0 instead of -1.
connect.modify(dn=user_dn, changes=password_expire)
# // you don't need to play with UserAccountControl further...

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 密码更改-LDAP3-Python-Raspberry Pi - Password Change - LDAP3 - Python - Raspberry Pi 如何通过 OpenLdap 使用 Python ldap3 验证用户和密码? - How can I verify user and password using Python ldap3 via OpenLdap? Python 3.5,ldap3和Modify_password() - Python 3.5, ldap3 and modify_password() 如何在python3中使用ldap3绑定(验证)用户 - How to bind (authenticate) a user with ldap3 in python3 如何在ldap3中删除用户的属性? - How to delete attribute of user in ldap3? 无法使用python ldap3模块连接到ldap - Unable to connect to ldap using python ldap3 module 使用ldap3 python进行Active Directory身份验证,如何避免明文密码 - Active Directory authentication using ldap3 python, how to avoid clear text password 如何明确地将Python的ldap3模块告知TLS版本1.2? - How to tell Python's ldap3 module to TLS version 1.2 explicitly? 使用ldap3 Python获取Active Directory中的用户状态(禁用或活动) - Get user status (disabled or active) in Active Directory with ldap3 Python 允许AD用户使用Python ldap3更改自己的密码 - Allow AD users to change their own passwords using Python ldap3
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM