How to Manage GroupPoliciy using ldap3 library in python?

Question

I have trouble to manage the AD Server group policy with the ldap3 library.

For example, I'm adding New-GPLink policy. I have tried to add an attribute [New-GPLink:[LinkEnabled]] but getting an error.

Please suggest me below points with ldap3:

1. How to add Group Policy in AD server
2. How to remove Group Policy in AD Server
3. How to Modify Group Policy in AD Server
4. Is it possible to schedule installation and uninstallation operations using ldap3 library

Tried Thing:

1. Add connection
2. Search User
3. Add GroupPolicy Attribute.

Code :

from ldap3 import Server, Connection, ALL, ALL_OPERATIONAL_ATTRIBUTES, ALL_ATTRIBUTES, ObjectDef, Reader
server = Server("192.168.1.28", get_info=ALL)
admin_username = 'lab\\administrator'
admin_password = 'A1B1C1$'
conn = Connection(server, user=admin_username, password=admin_password, auto_bind=True)
search_base = 'dc=lab,dc=com'
search_filter = '(userPrincipalName=shakti@lab.com)'
conn.bind()
conn.search(search_base=search_base, search_filter=search_filter, attributes=attributes_groups)
new_attribute = 'New-GPLink'
d_n = 'CN=shakti,DC=lab,DC=com'
conn.add(dn=d_n,object_class='user',attributes=new_attribute)

Getting below error

TypeError                                 Traceback (most recent call last)
<ipython-input-292-425b72018c42> in <module>
----> 1 conn.add(dn=d_n,object_class='user',attributes=new_attribute)

c:\users\ankit.g\appdata\local\programs\python\python36\lib\site-packages\ldap3\core\connection.py in add(self, dn, object_class, attributes, controls)
    910 
    911             attr_object_class = [to_unicode(object_class) for object_class in attr_object_class]  # converts objectclass to unicode in case of bytes value
--> 912             _attributes[object_class_attr_name] = reduce(lambda x, y: x + [y] if y not in x else x, parm_object_class + attr_object_class, [])  # remove duplicate ObjectClasses
    913 
    914             if not _attributes[object_class_attr_name]:

TypeError: 'str' object does not support item assignment

Answer 1

The issue is that attributes should be a dictionary, not a string.

attributes : a dictionary in the form {'attr1': 'val1', 'attr2': 'val2', …} or {'attr1': ['val1', 'val2', …], …} for multivalued attributes

I'm not sure about the attribute naming though and what value you need to set exactly but the error is just about the format (could also be something like {'gpLinkStatus': 1} ), eg.

conn.add(dn=d_n,object_class='user',attributes={'New-GPLink':<value>})