我正在使用 python-ldap 模块编写 Python 脚本,目的是在 Active Directory、Windows 2012R2 Server 中创建用户。
我面临的问题是当我创建的新 DN 有这样的语法时:
DN: cn=Name Second_name,.etc..
它似乎只接受这样的格式:
DN: cn=NameSecond_name,.etc.. 或者 DN: cn=Name,.etc..
cn 属性也会出现此问题。
到目前为止我的代码如下:
import ldap
import ldap.modlist as modlist
import base64, sys
DN, secret = sys.argv[1:3]
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
l = ldap.initialize('ldaps://ldap_server')
l.simple_bind_s(DN,secret)
name = "name"
second_name = "secondname"
fullname = name + " " + second_name
mail = "name_secondname@company.com"
company_id = "id1234"
password = "passsword"
base_dn = "OU=Accounts,DC=internal"
user_dn = 'CN=' + name + ' ' + second_name + ',' + base_dn
user_attrs = {}
user_attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
user_attrs['cn'] = full_name
user_attrs['givenName'] = str(name)
user_attrs['sn'] = str(second_name)
user_attrs['displayName'] = "%s" % full_name
user_attrs['userAccountControl'] = '514'
user_attrs['mail'] = mail
user_attrs['uid'] = company_id
user_attrs['countryCode'] = '0'
user_attrs['primaryGroupID'] = '513',
user_attrs['userPrincipalName'] = '%s@company.internal' % str(company_id)
user_attrs['sAMAccountname'] = "%s" % srt(company_id)
user_ldif = modlist.addModlist(user_attrs)
unicode_pass = unicode('\"' + password + '\"', 'iso-8859-1')
password_value = unicode_pass.encode('utf-16-le')
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
# 512 will set user account to enabled
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', '512')]
l.add_s(user_dn, user_ldif)
l.modify_s(user_dn, add_pass)
l.modify_s(user_dn, mod_acct)
我目前收到的错误如下:
l.add_s(user_dn, user_ldif)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 430, in add_s
return self.add_ext_s(dn,modlist,None,None)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 416, in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 751, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 758, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 331, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 315, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_DN_SYNTAX: {'info': u"00002081: NameErr: DSID-03050CF6, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:\n\t'CN=name secondname,OU=Accounts,DC=internal'\n", 'desc': u'Invalid DN syntax'}
知道如何解决这个问题吗?
非常感谢
最佳答案
基础 dn 不完整,域组件 (DC) 必须引用您域的每个组件。
例如,域 internal.com 将写为 DC=internal,DC=com,并且基本 dn(作为此目录树中的所有 dn)必须匹配这些 DC:
base_dn = "OU=Accounts,DC=internal,DC=com"
关于python-ldap -- 在 Active Directory 中创建用户 -- 问题 2003 (BAD_ATT_SYNTAX) cn 和 DN,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56490292/