net-ldap使用密码创建用户 [英] net-ldap create user with password
问题描述
我正在尝试使用 net-ldap
gem创建一个已经设置了密码的AD帐户。我能够很好地连接到服务器。而且我还可以添加新用户而无需传递:unicodepwd
属性,但是在创建新用户时没有设置密码。当我通过该属性时,未创建用户,并且失败,错误代码为 53
和以下消息不愿执行
。如果我在创建用户密码后尝试替换该用户密码,也会遇到相同的错误。我遇到了许多潜在的答案,但没有一个对我有用。
I am trying to create an AD account with a password already set using the net-ldap
gem. I am able to connect to the server fine. And I am also able to add a new user without passing the :unicodepwd
attribute however when the new user is created there is no password set. When I do pass that attribute the user is not created and it fails with error code 53
and the following message Unwilling to perform
. I also get the same error if I try to replace the password of the user after I have created it. I've come across many potential answers but none of them have worked for me.
def initialize
@client = Net::LDAP.new
@client.host = server_ip
@client.base = base
@client.port = 389
@client.auth(username, password)
if @client.bind
puts "Connected"
add("TEST", "JEST", "testjest")
else
puts "Not Connected"
display_error
end
end
def add(first_name, last_name, username)
dn = dn_value
attrs = {
:objectclass => ["top", "person", "organizationalPerson", "user"],
:cn => fullname(first_name, last_name),
:sn => last_name.capitalize,
:givenname => first_name.capitalize,
:displayname => fullname(first_name, last_name),
:name => fullname(first_name, last_name),
:samaccountname => username,
:unicodePwd => '"password"'.encode("utf-16")
}
@client.add(:dn => dn, :attributes => attrs)
if @client.get_operation_result.code != 0
puts "Failed to add user #{fullname(first_name, last_name)}"
display_error
else
puts "Added user #{fullname(first_name, last_name)}"
end
end
当我创建用户而不需要通过gui访问它来更新密码时,如何为该用户设置密码?感谢所有帮助
How would I set a password for the user when I create the user and not have to access it through the gui in order to update the password? Any help is appreciated
谢谢
更新
使用不同的方式对字符串进行编码并连接到SSL端口636而不是默认端口389后,我就能使它工作。使用 encode
是问题,似乎密码编码错误。
I was able to get this to work once I encoded the string in a different way and connected to the SSL port 636 rather than default port 389. Using encode
was the issue, seems like it was incorrectly encoding the password.
这是我的新连接
@client = Net::LDAP.new
@client.host = server_ip
@client.base = base
@client.port = 636
@client.encryption(:method => :simple_tls)
@client.auth(username, password)
以及我用来编码密码的方法
And the method which i used to encode the password
def encode_passwd(string)
newstring = ""
string = "\"" + string + "\""
string.split("").each do |c|
newstring = "#{newstring}#{c}\000"
end
return newstring
end
希望这对将来的人有帮助
Hope this helps someone in the future
推荐答案
Net :: LDAP :: Password.generate
不适用于ActiveDirectory。 :unicodePwd
LDAP条目属性(用ruby-gem net-ldap
来形容),您
必须这样编码
The Net::LDAP::Password.generate
does not work with ActiveDirectory. The :unicodePwd
LDAP-Entry-Attribute (speaking ruby-gem net-ldap
parlance), you
have to encode it like this
unicodepwd = "\"#{plain_text_password}\"".encode(Encoding::UTF_16LE).force_encoding(Encoding::ASCII_8BIT)
在此处查看有关编码的详细信息: https://msdn.microsoft.com/en-us/library/cc223248.aspx
See details about the encoding here: https://msdn.microsoft.com/en-us/library/cc223248.aspx
这篇关于net-ldap使用密码创建用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!