Changing userPassword in OpenLDAP using ldap3 library

Problem description

I can't seem to change a user's password using the ldap3 python module against an OpenLDAP server. A similar question has been asked before but that's specific to Active Directory.

Things I've tried:

from ldap3 import HASHED_SALTED_SHA
from ldap3.extend.standard.modifyPassword import ModifyPassword
from ldap3.utils.hashed import hashed

# Pre-hash the new password as salted SHA
password = hashed(HASHED_SALTED_SHA, password)
# or..
password = '{SASL}theuser@domain.com'
# Send the Password Modify extended operation for the user's DN
modify = ModifyPassword(
    connection, user.entry_get_dn(), new_password=password)
resp = modify.send()
print(modify.result)
{'referrals': None, 'result': 0, 'description': 'success', 'type': 'extendedResp', 'message': '', 'responseName': None, 'new_password': None, 'dn': '', 'responseValue': None}

The description says success, but the password isn't actually changed.

I've also tried to send a modify replace message:

import logging

from ldap3 import HASHED_SALTED_SHA, MODIFY_REPLACE
from ldap3.utils.hashed import hashed

logger = logging.getLogger(__name__)

def modify_user_password(self, user, password):
    dn = user.entry_get_dn()
    # Hard-coded test value; the password argument is not used here
    hashed_password = hashed(HASHED_SALTED_SHA, 'MyStupidPassword')
    changes = {
        'userPassword': [(MODIFY_REPLACE, [hashed_password])]
    }
    logger.debug('dn: ' + dn)
    # Note: this writes the password hash to the debug log
    logger.debug('changes: ' + str(changes))
    success = self.engage_conn.modify(dn, changes=changes)
    if success:
        logger.debug('Changed password for: %s', dn)
        print(self.engage_conn.result)
    else:
        logger.warning('Unable to change password for %s', dn)
        logger.debug(str(self.engage_conn.result))
        raise ValueError('stop')

The connection is not an SSL connection. The answer to the AD question requires that the connection be over SSL. Is this also a requirement for OpenLDAP?

After changing the dn to user.entry_get_dn() the code seemed to work about 90% of the time. After running these tests again today it appears that it now works consistently. I'm going to chalk this up to not viewing fresh data in my directory browser.

Recommended answer

Changing the password seems to work as described in the docs and shown in the edit of my question above. For future reference, this code seems to work:

from ldap3 import (
    HASHED_SALTED_SHA, MODIFY_REPLACE
)
from ldap3.utils.hashed import hashed

def modify_user_password(self, user, password):
    dn = user.entry_get_dn()
    # Hash client-side as salted SHA before writing the attribute
    hashed_password = hashed(HASHED_SALTED_SHA, password)
    # Replace every existing userPassword value with the new hash
    changes = {
        'userPassword': [(MODIFY_REPLACE, [hashed_password])]
    }
    success = self.connection.modify(dn, changes=changes)
    if not success:
        print('Unable to change password for %s' % dn)
        print(self.connection.result)
        raise ValueError('Unable to change password')

To clarify a few things:

  1. This is connecting to an OpenLDAP server (with multiple databases)
  2. There is NO SSL here. We plan on implementing SSL but this works without it.
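
One way to confirm the change from the entry itself rather than from a directory browser, as an added example that is not part of the original question or answer: it checks a candidate password against a {SSHA} userPassword value (the salted SHA-1 scheme that HASHED_SALTED_SHA selects) using only the standard library. The function names and sample passwords are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')


def check_ssha(stored, candidate):
    """Return True if candidate matches a stored {SSHA} userPassword value."""
    if isinstance(stored, bytes):  # directory reads usually return bytes
        stored = stored.decode('ascii', errors='replace')
    scheme, _, payload = stored.partition('}')
    if scheme.upper() != '{SSHA':
        raise ValueError('not a {SSHA} value: cannot verify offline')
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError('malformed base64 in {SSHA} value')
    if len(raw) <= SHA1_LEN:
        raise ValueError('{SSHA} value has no salt')
    # The salt is whatever follows the 20-byte digest (length varies)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(candidate.encode('utf-8') + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare


if __name__ == '__main__':
    # Constructed samples standing in for values read back from the entry
    new_value = make_ssha('N3w-Passw0rd!')
    old_value = make_ssha('old-password')
    print(check_ssha(new_value.encode(), 'N3w-Passw0rd!'))  # entry updated
    print(check_ssha(old_value, 'N3w-Passw0rd!'))           # stale entry
```

A value in another scheme, such as the {SASL} form tried in the question, raises ValueError because it cannot be checked against a password offline.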
