堆棧內存溢出
  簡體   English   中英

Python3 Ldap3:無法通過python腳本在ldap上添加實體(新用戶對象)

[英]Python3 Ldap3: Cannot add entities ( new user object) on ldap via python script

 原文  2017-08-07 06:40:17       python/ python-3.x/ ldap/ ldap3

問題描述

我正在編寫一個python代碼,以便能夠在LDAP上添加新的用戶帳戶。Pyhton3和LDAP3 ..到目前為止,我可以搜索數據..但是我無法通過腳本將新用戶插入LDAP。我可以使用FusionDirectoy插入的帳戶。

問題:它說我使用ObjectClass時沒有權限:inetOrgPerson。 我需要添加紀要的屬性,該屬性需要使用此objectClass。

我的代碼: 

import boto3
import sys,getopt
import ldap3
def main(argv):
     add_uid = ''
     add_username = ''
     add_password = ''
     add_group = ''
     add_mail = ''
     add_role = ''
     actual_uid = ''
     actual_user = ''
     actual_pass = ''
     actual_group = ''
     actual_mail = ''
     actual_role = ''
     try:
         opts, args = getopt.getopt(argv, "hi:u:p:r:e:",["add_uid=","add_username=","add_password=","add_mail="])
     except getopt.GetoptError:
         PrintHelp()
     for opt, arg in opts:
         if opt == '-h':
            PrintHelp()
         elif opt in ("-i", "--add_uid"):
            actual_uid = arg
         elif opt in ("-u", "--add_username"):
            actual_user = arg
         elif opt in ("-p", "--add_password"):
            actual_pass = arg
         elif opt in ("-e", "--add_mail"):
            actual_mail = arg
     if (actual_uid == '') or (actual_user == '') or (actual_pass == '') or (actual_mail == ''):
         PrintHelp()
     else:
         LDAPfuction(actual_uid,actual_user,actual_pass,actual_mail)

def PrintHelp():
    print ('\n@@@ 4 parameters are needed @@@: python3 LDAPuserManagement.py -i {} -u {} -p {} -e {} \nExample --> LDAPuserManagement.py -i sumana_w -u "Sumana Wongrattanakul" -p XXXXXXXXXX -e *******@XXXXXX \n-i = user id  \n-u = usamename (that want to be added.. format = "FirstName Lastname") \n-p = Password\n-e = targeted user email (xxxxxx@acommerce.asia) \n\nOPTIONALS:\n\n-h = help (how to use)\n')
    sys.exit(2)

def LDAPfuction(actual_uid,actual_user,actual_pass,actual_mail):
    from ldap3 import Server, Connection, ALL
    ldap_server ='ldap://[server]:389'
    ldap_base_user = 'ou=people,dc=xxxxx,dc=xxxxxx,dc=xxxxx'
    ldap_user = 'user'
    ldap_password = 'password'
    user_dn = "uid="+ldap_user+","+ldap_base_user
    searchFilter_user = "(&(cn="+actual_user+")(objectclass=*))"
    search_att_user = ['uid','cn','sn','fdPrivateMail','givenName']
    l = ''
    conn_user= []
    c = ''
    lastname = []
    dn = ''
    attrs = {}
    result_add = ''
    attrs_1 = {}

    try:
    #--------------- Connecting to LDAP ---------------------------------------
        c=Server(ldap_server, port=389, get_info=ALL)

       l=Connection(c,user=user_dn,password=ldap_password,auto_bind=True)
        print (l.bind)
        if not l.bind():
            print ("ERROR in Blind", l.result)

    except:
        print ("\n\n @@@@ Please open DEV VPN connection @@@@ \n\n")
    #--------------- Checking if account is already existing or not -----------
    l.search(ldap_base_user, searchFilter_user, attributes=search_att_user)
    conn_user =l.entries
    if conn_user != []:
        print (conn_user)
        print ("\n\n @@@ This account already exist in LDAP @@@\n\n")
        sys.exit(2)
    else:
        lastname = str.split(actual_user)
        print (actual_uid)
        print (actual_user)
        print (actual_pass)
        print (lastname[0])
        print (lastname[1])
        print (actual_mail)

        dn_1 = "cn="+actual_user+","+ldap_base_user
        #dn_1 = "uid="+actual_uid+","+ldap_base_user
        attrs['objectclass']=['inetOrgPerson']
        attrs['cn'] = actual_user
        attrs['sn'] = lastname[1]
        attrs['givenName']=lastname[0]
        attrs['uid']=actual_uid
        attrs['userPassword']=actual_pass
        print (dn_1)
        print (attrs)
        l.add(dn_1,attributes=attrs)
        print (l.result)

if __name__ == "__main__":
    main(sys.argv[1:])

結果:{'結果':50,'描述':'insufficientAccessRights','dn':'','消息':'對父母沒有寫權限','推薦':無,'類型':'addResponse'}

有什么幫助嗎?

1 個解決方案

解決方案1
 0  2017-08-26 13:38:15

您似乎沒有創建用戶帳戶的權限。

我運行了一些測試代碼以檢查我的理論,在該理論上我綁定到LDAP服務器並嘗試創建用戶,綁定成功,但是Connection.add(...)失敗,並顯示以下信息: 

{'description': 'insufficientAccessRights', 'result': 50, 'type': 'addResponse', 'dn': '', 'message': '00000005: SecErr: DSID-03152857, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\n\x00', 'referrals': None}

在我看來,這與您的錯誤非常相似。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 如何在python3中使用ldap3綁定(驗證)用戶 ldap3 python Modify用過濾器替換對象 用於大規模ldap搜索的python ldap3函數 Python LDAP3搜索LDAPOperationsErrorResult Python ldap3 搜索何時創建 Python ldap3 創建組 如何通過 OpenLdap 使用 Python ldap3 驗證用戶和密碼? 使用ldap3 Python獲取Active Directory中的用戶狀態(禁用或活動) Python ldap3 使用郵件或用戶 ID 進行身份驗證 python - ldap3 庫:如何向屬性添加多個值
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM