
I am using the ldap3 module in Python to create and disable users in AD. When I create a user using the following code,

```
from ldap3 import *
import ssl

tls_configuration = Tls(validate=ssl.CERT_REQUIRED,
                        version=ssl.PROTOCOL_TLSv1)
tls_configuration.validate = ssl.CERT_NONE
s = Server('xxxxxx:389', use_ssl=False, get_info=ALL)
c = Connection(s, user='x\\Administrator', password='x',
               check_names=True, lazy=False,
               raise_exceptions=False)
c.open()
c.bind()
c.add('cn=SubhasisB,ou=gssd users,dc=adldap,dc=com', 'User')
```

the users created using the above command show as disabled, with the attribute userAccountControl set to 546 and no password. When I try to modify the attribute to 512 to enable the user, I get the error:

```
>>> c.modify('cn=SubhasisB,ou=gssd users,dc=adldap,dc=com', {'unicodePwd': [(MODIFY_REPLACE, ['xxxxx'])]})
False
>>> c.result
{'result': 53, 'description': 'unwillingToPerform', 'dn': '', 'message': '0000001F: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'type': 'modifyResponse'}
```

I get the same error for:

```
c.modify('cn=SubhasisB,ou=gssd users,dc=adldap,dc=com', {'userAccountControl': [(MODIFY_REPLACE, ['512'])]})
```

However, if I manually create a user on the Windows server, I am able to disable it by setting userAccountControl to 514 using ldap3.

Ahmad Al-Kurdi
asd
  • I am partially able to achieve my task by doing the following: `>>> c.modify('cn=SubhasisB,ou=gssd users,dc=adldap,dc=com', {'userAccountControl': [(MODIFY_REPLACE,['544'])]}) True` – asd Jan 01 '18 at 22:04
  • Need help with setting password using ldap3:

    ```
    >>> USER_DN="adldap\SubhasisB"
    >>> NEWPWD="some_complex_password_that_works_manually in AD"
    >>> CURRENTPWD=None
    >>> print (ldap3.extend.microsoft.modifyPassword.ad_modify_password(c, USER_DN, NEWPWD, CURREENTPWD, controls=None))
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    NameError: name 'ldap3' is not defined
    ```

    – asd Jan 01 '18 at 23:14

0 Answers
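
Added example, not part of the original post or its comments: the userAccountControl values in the question are bit fields (546 is NORMAL_ACCOUNT plus PASSWD_NOTREQD plus ACCOUNTDISABLE), and Active Directory accepts a `unicodePwd` write only as a double-quoted UTF-16LE value sent over an encrypted connection, whereas the connection in the question uses port 389 with `use_ssl=False`. The helper names below are illustrative, and `conn` is assumed to be an ldap3 `Connection` (its `server.ssl` and `tls_started` attributes and `modify` method are used).

```python
# Added example. Pure helpers; ldap3 itself is only needed by the caller.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}


def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def encode_unicode_pwd(password):
    """AD expects unicodePwd as the password in double quotes, UTF-16LE encoded."""
    return ('"%s"' % password).encode("utf-16-le")


def channel_is_encrypted(conn):
    """True for LDAPS or after StartTLS (conservative: ignores SASL sealing)."""
    return bool(conn.server.ssl or conn.tls_started)


def enable_with_password(conn, dn, password, replace="MODIFY_REPLACE"):
    """Set a password first, then replace userAccountControl with 512.

    `replace` defaults to the string value of ldap3.MODIFY_REPLACE.
    Returns conn.result of the last operation attempted.
    """
    if not channel_is_encrypted(conn):
        raise RuntimeError("refusing to send unicodePwd over a cleartext channel")
    steps = [
        {"unicodePwd": [(replace, [encode_unicode_pwd(password)])]},
        {"userAccountControl": [(replace, ["512"])]},
    ]
    for changes in steps:
        if not conn.modify(dn, changes):
            break  # stop at the first refusal, e.g. result 53
    return conn.result


if __name__ == "__main__":
    for uac in (546, 544, 512, 514):  # values mentioned in the question
        print(uac, decode_uac(uac))
```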