
Unable to authenticate or enable a user in Active Directory when the user account was created using python ldap

Here I've attached the Python files that create a user and authenticate a user in Windows Active Directory 2008 R2.

create.py

import ldap
import ldap.modlist as modlist
name='testing3'
password='p@ssw0rd'
l = ldap.initialize('ldap://##2.168.3#.##')
l.simple_bind_s('Administrator@example.local', 'p@ssw0rd1')
dn="cn="+name+",ou=oli,dc=example,dc=local"
attrs = {}
attrs['objectclass'] = ['Top','person','organizationalPerson','user']
attrs['cn'] = name
attrs['displayName'] = name
attrs['name'] = name
attrs['givenName'] = name
attrs['mail'] = name
attrs['ou'] = "Users"
#attrs['pwdLastSet'] = "-1"
attrs['userPrincipalName'] = name + "@naanal.local"
attrs['userAccountControl'] = '514'
attrs['sAMAccountName'] = name
attrs['userPassword'] = password
ldif = modlist.addModlist(attrs)    
l.add_s(dn,ldif)
l.unbind_s()

Using this program I can create a user in Active Directory, but I am unable to create an enabled user account. I can use userAccountControl='512', but it is not working. userAccountControl='514' works, but the user account is disabled. Using LDAP modify to change userAccountControl, when I try to enable the user account I get the error "{'info': '0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0\\n', 'desc': 'Server is unwilling to perform'}"

Authe.py

import ldap
username='shan'
password='p@ssw0rd'
LDAP_SERVER = 'ldap://###.##.##.##'
LDAP_USERNAME = '%s@example.local' % username
LDAP_PASSWORD = password
base_dn = 'DC=example,DC=example'
ldap_filter = 'userPrincipalName=%s@example.local' % username
attrs = ['memberOf']
try:  
     ldap_client = ldap.initialize(LDAP_SERVER)   
     ldap_client.set_option(ldap.OPT_REFERRALS,0)
     ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
     print 'successfull'
except ldap.INVALID_CREDENTIALS:
     ldap_client.unbind()
     print 'Wrong username ili password'
except ldap.SERVER_DOWN:
     print 'AD server not awailable'

I create the user account using create.py, then enable the user account manually in Active Directory. After that, when I try to authenticate, the created user account is not detected, but a manually created account is detected by the authe.py file. I'm using Ubuntu 14.04 64 bit.

There are two problems with your code:

  1. Active Directory stores the password in the unicodePwd attribute and not userPassword. See this link for more details. This article also explains how the value for unicodePwd must be encoded (UTF-16).

  2. The other problem (this is also explained in the referenced article) is that you must connect over a secure connection to Active Directory whenever you are making changes to the password attribute (including creating a user). The URL starting with ldap:// makes me believe that your connection is not secure.

I hope this helps.
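The two points in the answer above, as an added example that is not part of the original answer: the password goes into unicodePwd as a double-quoted UTF-16LE string, and only over an encrypted connection. It assumes Python 3 with python-ldap; the function names and all arguments (URI, DNs, credentials) are hypothetical placeholders.

```python
# Added example (not from the original post). Python 3 + python-ldap assumed;
# the URI, DNs and credentials passed in are placeholders chosen by the caller.
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200          # 512; 512 | 2 == 514 (disabled)


def encode_unicode_pwd(password):
    """unicodePwd value: the password in double quotes, UTF-16LE, no BOM."""
    return ('"%s"' % password).encode('utf-16-le')


def require_secure(uri):
    """Refuse plain ldap:// before any password attribute is sent.
    StartTLS on ldap:// would also qualify; this example only accepts ldaps://."""
    if not uri.lower().startswith('ldaps://'):
        raise ValueError('password changes need an encrypted connection: %r' % uri)
    return uri


def disabled_user_attrs(name, upn_suffix):
    """Attributes for the initial add; the account starts disabled (514)."""
    uac = UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE
    return {
        'objectClass': [b'top', b'person', b'organizationalPerson', b'user'],
        'cn': [name.encode()],
        'sAMAccountName': [name.encode()],
        'userPrincipalName': [('%s@%s' % (name, upn_suffix)).encode()],
        'userAccountControl': [str(uac).encode()],
    }


def create_enabled_user(uri, admin_upn, admin_pw, dn, name, upn_suffix, password):
    import ldap                      # imported here so the helpers work offline
    import ldap.modlist as modlist
    conn = ldap.initialize(require_secure(uri))
    conn.simple_bind_s(admin_upn, admin_pw)
    try:
        conn.add_s(dn, modlist.addModlist(disabled_user_attrs(name, upn_suffix)))
        # Set the password before enabling: 0000052D is the Win32
        # password-restriction error, returned when the account would be
        # enabled without a password that satisfies the domain policy.
        conn.modify_s(dn, [(ldap.MOD_REPLACE, 'unicodePwd',
                            [encode_unicode_pwd(password)])])
        conn.modify_s(dn, [(ldap.MOD_REPLACE, 'userAccountControl',
                            [str(UF_NORMAL_ACCOUNT).encode()])])
    finally:
        conn.unbind_s()
```

The connection uses python-ldap's default certificate validation, so the domain controller's CA certificate must be trusted on the client.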
