[英]Error - UNWILLING_TO_PERFORM - while change user password in AD ldap using python code
I am creating a simple python function to change the user password.我正在创建一个简单的 python function 来更改用户密码。 I have tested my AD set up, able to search the user and get correct response but when try to run l.modify_s, I get the below error.我已经测试了我的 AD 设置,能够搜索用户并获得正确的响应,但是当尝试运行 l.modify_s 时,我收到以下错误。 AD user has the required permissions. AD 用户具有所需的权限。 Not sure why am I getting this error.不知道为什么我会收到这个错误。
Any help will be great.任何帮助都会很棒。 Please let me know if you need any more information or code as well to understand the issue better.如果您还需要更多信息或代码以更好地理解问题,请告诉我。
"errorType": "**UNWILLING_TO_PERFORM**",
"errorMessage": "{'info': u'0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\\n', 'msgid': 3, 'msgtype': 103, 'result': 53, 'desc': u'Server is unwilling to perform', 'ctrls': []}"
}```
Please find my code below
``` import ldap
import os
import boto3
import random
import string
from base64 import b64decode
import ldap
def lambda_handler(event, context):
try:
cert = os.path.join('/Users/marsh79/Downloads', 'Serverssl.cer')
print "My cert is", cert
# LDAP connection initialization
l = ldap.initialize('ldap://example.corp.com')
# Set LDAP protocol version used
l.protocol_version = ldap.VERSION3
#Force cert validation
l.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
# Set path name of file containing all trusted CA certificates
l.set_option(ldap.OPT_X_TLS_CACERTFILE, cert)
# Force libldap to create a new SSL context (must be last TLS option!)
l.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
bind = l.simple_bind_s("admin@corp.example.com", "secret_pass")
base = "OU=Enterprise,OU=Users,OU=corp,DC=corp,DC=example,DC=com"
criteria = "(objectClass=user)"
attributes = ['distinguishedName']
result = l.search_s(base, ldap.SCOPE_SUBTREE, criteria, attributes)
results = [entry for dn, entry in result if isinstance(entry, dict)]
new_password='secretpass_new'
unicode_pass = unicode('\"' + new_password + '\"', 'iso-8859-1')
password_value = unicode_pass.encode('utf-16-le')
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
print "My result distinguishedName1:", results[0]['distinguishedName'][0]
print "My result distinguishedName2:", results[1]['distinguishedName'][0]
l.modify_s(results[0]['distinguishedName'][0],add_pass)
print results
finally:
l.unbind()
I have checked multiple things我检查了很多东西
I'm not a Python programmer, but I know how AD and LDAP works.我不是 Python 程序员,但我知道 AD 和 LDAP 是如何工作的。 It's probably still not connected via LDAPS.它可能仍未通过 LDAPS 连接。 From examples I've seen online, you might need to specify ldaps://
:从我在网上看到的示例中,您可能需要指定ldaps://
:
l = ldap.initialize('ldaps://<server name>.corp.example.com')
Or possibly the port as well:或者也可能是端口:
l = ldap.initialize('ldaps://<server name>.corp.example.com:636')
You don't need to supply the cert file on the client side, but the issuer of the certificate on the server must be trusted by the client computer.您不需要在客户端提供证书文件,但服务器上的证书颁发者必须受到客户端计算机的信任。 I guess that's what you're trying to do with cert
.我想这就是你试图用cert
做的事情。 But you may not have to.但您可能不必这样做。 Try without that and see what happens.尝试不使用它,看看会发生什么。 If you're running this on Windows, it may use the Trusted Certificate Store from Windows itself and it should work as long as the server isn't using a self-signed cert.如果您在 Windows 上运行它,它可能会使用 Windows 本身的可信证书存储,只要服务器不使用自签名证书,它就应该可以工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.