
I am new to Python and the ldap3 module. However, I want to create an AD group in a specific OU. How can this be done?

# import class and constants
from ldap3 import Server, Connection, ALL

# define the server
s = Server('servername', get_info=ALL)  # define an unsecured LDAP server

# define the connection
c = Connection(s, user='user_dn', password='user_password')

ou = "OU=Staff,OU=RU,DC=DOMAIN,DC=LOCAL"
groupname = "ADM_Local"
description = "local group for access to IPA"

How can I add the group ADM_Local in the defined ou and add the description to the group? The documentation does not say anything about how it's done: https://ldap3.readthedocs.io/tutorial_operations.html#create-an-entry

user3270211

1 Answer


You need to use the groupOfNames structural objectClass (or derived). Note that, depending on your LDAP server implementation, the member attribute may be required to prevent creating empty groups.

# DN of the new entry: the group's RDN (cn=...) directly under the target OU
groupDN = 'cn=ADM_Local,ou=Staff,ou=RU,dc=domain,dc=local'
objectClass = 'groupOfNames'
attr = {
  'cn': 'ADM_Local',
  # groupOfNames requires at least one member on many servers
  'member': 'uid=admin,ou=people,dc=domain,dc=local',
  'description': 'local group for access to IPA'
}

# c is the Connection from the question; add() returns True on success
c.add(groupDN, objectClass, attr)
EricLavault
  • Hi, thanks for your response. I was receiving some permission error first and, solving that, I am receiving the following error: `ldap3.core.exceptions.LDAPEntryAlreadyExistsResult: LDAPEntryAlreadyExistsResult - 68 - entryAlreadyExists - None - 00002071: UpdErr: DSID-030503C4, problem 6005 (ENTRY_EXISTS), data 0`. I am really unsure what it means; I have verified that the group I am trying to create does not exist from before. So please help me troubleshoot this. – user3270211 Mar 30 '19 at 15:28
  • Strange... I would try to delete the entry before running the script again to see what happens, and also ensure that it doesn't loop (or run twice for any reason). Or maybe somewhere you're adding another entry that actually already exists. Using the command line may help. – EricLavault Mar 30 '19 at 17:29
  • I checked and my code is clean and simple. The entry does not exist. I also looked in the documentation and could not find any examples of creating a group. https://ldap3.readthedocs.io/add.html – user3270211 Mar 30 '19 at 18:35
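An added example (not code from the question or the answer) that builds the group DN from the question's ou and groupname, escapes the name so it cannot alter the DN or the search filter, checks the OU for an existing entry before adding, and reads conn.result rather than letting the add raise the entryAlreadyExists exception seen above. It assumes Active Directory and therefore uses AD's native group objectClass with sAMAccountName and groupType instead of groupOfNames; the server, bind DN and password are placeholders, and create_ad_group accepts any object exposing ldap3's search/add/result/entries interface.

```python
# Create an AD group in a given OU with ldap3 (added example; AD 'group'
# objectClass assumed, not the answer's groupOfNames).
_RDN_SPECIAL = ',+"\\<>;='
_FILTER_SPECIAL = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}

def escape_rdn_value(value):
    """RFC 4514 escaping so a name like 'x,OU=Admins' cannot change the DN."""
    out = ''.join('\\' + c if c in _RDN_SPECIAL else c for c in value)
    if out[:1] in ('#', ' '):
        out = '\\' + out
    if out.endswith(' '):
        out = out[:-1] + '\\ '
    return out

def escape_filter_value(value):
    """RFC 4515 escaping so the name cannot widen the search filter."""
    return ''.join(_FILTER_SPECIAL.get(c, c) for c in value)

def build_group_dn(groupname, ou):
    return 'CN=%s,%s' % (escape_rdn_value(groupname), ou)

# AD groupType: global (0x2) | security-enabled (0x80000000), as a signed 32-bit int
GLOBAL_SECURITY_GROUP = -2147483646

def create_ad_group(conn, groupname, ou, description):
    """Return (created, detail). conn is an ldap3 Connection with a sync strategy."""
    dn = build_group_dn(groupname, ou)
    # Look first, so an entryAlreadyExists (68) afterwards points at a real DN conflict
    conn.search(ou, '(cn=%s)' % escape_filter_value(groupname), attributes=['distinguishedName'])
    if conn.entries:
        return False, 'already present: %s' % conn.entries[0].entry_dn
    attrs = {'sAMAccountName': groupname, 'groupType': GLOBAL_SECURITY_GROUP,
             'description': description}
    ok = conn.add(dn, ['top', 'group'], attrs)
    # With raise_exceptions=False (the ldap3 default) add() returns False on failure
    # and conn.result carries the server's result code and description
    return ok, '%s: %s' % (conn.result['description'], conn.result.get('message', ''))

if __name__ == '__main__':
    from ldap3 import Server, Connection, ALL
    # placeholders: put the real host, bind DN and password here; prefer ldaps://
    server = Server('ldaps://servername', get_info=ALL)
    conn = Connection(server, user='user_dn', password='user_password', auto_bind=True)
    print(create_ad_group(conn, 'ADM_Local', 'OU=Staff,OU=RU,DC=DOMAIN,DC=LOCAL',
                          'local group for access to IPA'))
```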