
Python LDAP change password has no effect

I'm currently trying to modify the password of a user on an AD with Python (3) and the LDAP module. When my script is finished, everything looks OK. However, the password is the same as before.

Here is my script:

import ldap

LDAP_SERVER = <domain>
LDAP_USERNAME = <admin_username>
LDAP_PASSWORD = <admin_password>
dn = <DN>
quoted_new_password = '\"' + <new_password> + '\"'
quoted_new_password_bytes = quoted_new_password.encode('UTF-16LE')

ldap_client = ldap.initialize(LDAP_SERVER)
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
ad_user_filter = '(&(objectClass=user)(sAMAccountName=<username-for-password-modification>))'
res = ldap_client.search_s(dn, ldap.SCOPE_SUBTREE, ad_user_filter)
user_dn = (res[0][1]['distinguishedName'][0]).decode("utf-8")
modlist = [ (ldap.MOD_REPLACE, "userPassword", quoted_new_password_bytes)]
ldap_client.modify_s(user_dn, modlist)

The result is a tuple like

(<number>, [], <number>, [])

Then, when I try to connect to the AD (with the same domain), the old password works, but not the new one.

Did I forget something?

Thank you in advance!

EDIT: The result is the same when I put, for example, an empty string as the new password, even if my AD requires at least 14 characters.

EDIT: The last result of "modify_s" is

(103, [], 3, [])

However, code 103 doesn't correspond to anything...

RESOLVED

The domain was ldap://the_domain:389. But it couldn't work because I had to use the secured server: ldaps and not ldap, port 636 and not 389.

So I changed LDAP_SERVER to ldaps://the_domain:636

However, my script didn't work anymore. I took this script from another post before adapting it:

import ldap3
from ldap3.utils.conv import escape_filter_chars

SERVER = 'ldaps://thedomain:636'
BASE_DN = "DC=domain,DC=com"
LDAP_USERNAME = "admin_username@thedomain.com"
LDAP_PASSWORD = "admin_password"
CURRENT_PWD = "the_current_password"
NEW_PWD = "the_new_password"
SEARCHED_USERNAME = "M_tete_en_l_air"

# Escape the account name so special characters cannot alter the filter
SEARCH_FILTER = '(&(objectClass=User)(samaccountname=' + escape_filter_chars(SEARCHED_USERNAME) + '))'

USER_DN = ""

ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL)
# ldaps:// already wraps the connection in TLS, so no start_tls() call is needed
conn = ldap3.Connection(ldap_server, LDAP_USERNAME, LDAP_PASSWORD, auto_bind=True)

conn.search(search_base=BASE_DN,
            search_filter=SEARCH_FILTER,
            search_scope=ldap3.SUBTREE,
            attributes=['cn', 'givenName'],
            paged_size=5)

# Keep the DN of the entry that matched the filter
for entry in conn.response:
    if entry.get("dn") and entry.get("attributes"):
        if entry.get("attributes").get("cn"):
            USER_DN = entry.get("dn")

print(USER_DN)
# The current password is passed along with the new one
success = ldap3.extend.microsoft.modifyPassword.ad_modify_password(conn, USER_DN, NEW_PWD, CURRENT_PWD, controls=None)
print("Password modified: ", success)

(I don't have exactly this script)

Source (StackOverflow answer)
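
The two requirements this post ran into (a password wrapped in double quotes and encoded as UTF-16LE, sent only over `ldaps://`) can be checked before anything reaches the server. The following is an added example, not code from the original post; it assumes the write targets AD's `unicodePwd` attribute, and the helper names and the host `dc.example.test` are hypothetical.

```python
from urllib.parse import urlsplit

# LDAP modify operation codes (RFC 4511); python-ldap's MOD_* constants use the same values.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2


def encode_unicode_pwd(password: str) -> bytes:
    """Return the value AD expects in unicodePwd: the password in quotes, UTF-16LE, no BOM."""
    if not password:
        raise ValueError("refusing to send an empty password")
    return ('"' + password + '"').encode("utf-16-le")


def require_ldaps(url: str) -> None:
    """Reject URLs that would carry the password write in plaintext.

    Assumption of this example: only ldaps:// is accepted (StartTLS on 389 is not modelled).
    """
    if urlsplit(url).scheme.lower() != "ldaps":
        raise ValueError(f"password writes need an ldaps:// URL, got {url!r}")


def build_password_modlist(url: str, new_password: str, old_password: str = None):
    """Build a (mod_op, attribute, values) list for a reset or a user-driven change.

    Reset (no old password, caller needs reset rights): one MOD_REPLACE.
    Change (old password known): MOD_DELETE of the old value, then MOD_ADD of the new one.
    """
    require_ldaps(url)
    new_value = encode_unicode_pwd(new_password)
    if old_password is None:
        return [(MOD_REPLACE, "unicodePwd", [new_value])]
    old_value = encode_unicode_pwd(old_password)
    return [(MOD_DELETE, "unicodePwd", [old_value]), (MOD_ADD, "unicodePwd", [new_value])]


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    print(build_password_modlist("ldaps://dc.example.test:636", "N3w-Passphrase-2024"))
```

The returned list has the shape python-ldap's `modify_s(dn, modlist)` accepts, so the guard runs before any bind or modify is attempted.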
