While enabling a user using the ldap3 library in Python with the code below, I am getting the error mentioned below.

Connection to AD:

```python
from ldap3 import ALL, Connection, Server

server_ip = "192.xxx.0.145"
admin_username = "Domain\\Administrator"
admin_password = "Password"

# Bind to the AD server as the administrator
ad_server = Server(server_ip, get_info=ALL)
conn = Connection(ad_server, user=admin_username, password=admin_password, auto_bind=True)
```

Code to enable user:

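```python
from ldap3 import MODIFY_REPLACE

dn = "CN=Ak3s,OU=test_ou,DC=domain,DC=com"
attr_changes = [
    {
        "attr": "userAccountControl",
        "value": '512'
    }
]

# Build the ldap3 changes dict: {attribute: [(operation, [values])]}
changes = {}
for change in attr_changes:
    changes[change['attr']] = [
        (MODIFY_REPLACE, [change['value']])
    ]

# conn is the bound Connection from the snippet above
user_update = conn.modify(dn=dn, changes=changes)
print(conn.result)
```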

Error:

```
{'result': 53, 'description': 'unwillingToPerform', 'dn': '', 'message': '0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'type': 'modifyResponse'}
```

Kindly share any suggestions or solutions for this. If more details are required, kindly ask in the comments.

Gabriel Luci
Akash senta

1 Answer

"Unwilling to perform" usually means that what you're asking it to do doesn't make any sense.

My guess is that this is the problem:

```python
"value": '512'
```

You're giving it a string value, but userAccountControl is a number. Try setting it as a number:

```python
"value": 512
```
Gabriel Luci
  • I have tried that earlier, but I think the error is not related to this. – Akash senta Jun 25 '20 at 15:48
  • Well it definitely should be a number, not a string, so you will need to do this anyway. Is the error message exactly the same when you set it as a number? – Gabriel Luci Jun 25 '20 at 15:51
  • Does the account you are changing have a password? I know that if it's a new account and you haven't given it a password yet, then you won't be able to enable it. – Gabriel Luci Jun 25 '20 at 16:16
  • I have created the account with ldap3, and with that code I added userPassword too in user creation. So it should have a password. – Akash senta Jun 25 '20 at 16:33
  • I have created the account with ldap3, and with that code I added `UserPassword` in user creation. So it should have a password, and it shows while I search for the user in the `UserPassword` field. – Akash senta Jun 25 '20 at 16:33
  • *"it shows while i search for user in UserPassword field"* - what do you mean by that? Active Directory will never show you the password. – Gabriel Luci Jun 25 '20 at 16:38
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/216662/discussion-between-akash-senta-and-gabriel-luci). – Akash senta Jun 25 '20 at 16:58
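
An added example, not code from the question or the answer: the leading hex field of an Active Directory diagnostic message is a Win32 error code, and `0000052D` (1325) is `ERROR_PASSWORD_RESTRICTION`, which fits the password question raised in the comments. The sketch below parses the message from the question, decodes `userAccountControl` bits, and computes an "enabled" value that clears only the disable bit instead of overwriting every flag with 512. The hint table is a small subset, and the current value 546 is a constructed sample.

```python
import re

# Small subset of Win32 codes AD can embed in an LDAP result message.
WIN32_HINTS = {
    0x5: "ERROR_ACCESS_DENIED: bind account lacks rights on the object",
    0x52D: "ERROR_PASSWORD_RESTRICTION: password missing or fails domain policy",
}

# userAccountControl bits relevant to enabling an account.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# Diagnostic message copied from the error shown in the question.
PAGE_MESSAGE = ("0000052D: SvcErr: DSID-031A12D2, problem 5003 "
                "(WILL_NOT_PERFORM), data 0\n\x00")


def parse_ad_message(message):
    """Split 'XXXXXXXX: Source: DSID-..., ...' into its diagnostic fields."""
    m = re.match(r"\s*([0-9A-Fa-f]{8}):\s*(\w+):\s*(DSID-[0-9A-Fa-f]+)", message)
    if m is None:
        return None
    code = int(m.group(1), 16)
    return {"win32": code, "source": m.group(2), "dsid": m.group(3),
            "hint": WIN32_HINTS.get(code, "unknown: look up the Win32 code")}


def decode_uac(value):
    """Return the names of the known flags set in userAccountControl."""
    value = int(value)
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def enabled_uac(current):
    """Clear only ACCOUNTDISABLE so other flags on the account survive."""
    return int(current) & ~0x0002


if __name__ == "__main__":
    print(parse_ad_message(PAGE_MESSAGE))
    current = 546  # constructed sample value read back from a disabled account
    print(decode_uac(current), "->", enabled_uac(current))
```

With ldap3, the result of `enabled_uac()` would be sent as an integer in the `MODIFY_REPLACE` change after reading the current `userAccountControl` from the entry.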