net-ldap使用密码创建用户 [英] net-ldap create user with password

问题描述

我正在尝试使用 net-ldap gem创建一个已经设置了密码的AD帐户。我能够很好地连接到服务器。而且我还可以添加新用户而无需传递：unicodepwd 属性，但是在创建新用户时没有设置密码。当我通过该属性时，未创建用户，并且失败，错误代码为 53 和以下消息不愿执行。如果我在创建用户密码后尝试替换该用户密码，也会遇到相同的错误。我遇到了许多潜在的答案，但没有一个对我有用。

I am trying to create an AD account with a password already set using the net-ldap gem. I am able to connect to the server fine. And I am also able to add a new user without passing the :unicodepwd attribute however when the new user is created there is no password set. When I do pass that attribute the user is not created and it fails with error code 53 and the following message Unwilling to perform. I also get the same error if I try to replace the password of the user after I have created it. I've come across many potential answers but none of them have worked for me.

def initialize

        @client = Net::LDAP.new
        @client.host = server_ip
        @client.base = base
        @client.port = 389
        @client.auth(username, password)

        if @client.bind
            puts "Connected"

            add("TEST", "JEST", "testjest")
        else
            puts "Not Connected"
            display_error   
        end
    end

def add(first_name, last_name, username)
        dn = dn_value

        attrs = {
            :objectclass => ["top", "person", "organizationalPerson", "user"],
            :cn => fullname(first_name, last_name),
            :sn => last_name.capitalize,
            :givenname => first_name.capitalize,
            :displayname => fullname(first_name, last_name),
            :name => fullname(first_name, last_name),
            :samaccountname => username,
            :unicodePwd => '"password"'.encode("utf-16")
        }
        @client.add(:dn => dn, :attributes => attrs)



        if @client.get_operation_result.code != 0
            puts "Failed to add user #{fullname(first_name, last_name)}"
            display_error
        else
            puts "Added user #{fullname(first_name, last_name)}"
        end
    end

当我创建用户而不需要通过gui访问它来更新密码时，如何为该用户设置密码？感谢所有帮助

How would I set a password for the user when I create the user and not have to access it through the gui in order to update the password? Any help is appreciated

谢谢

更新

使用不同的方式对字符串进行编码并连接到SSL端口636而不是默认端口389后，我就能使它工作。使用 encode 是问题，似乎密码编码错误。

I was able to get this to work once I encoded the string in a different way and connected to the SSL port 636 rather than default port 389. Using encode was the issue, seems like it was incorrectly encoding the password.

这是我的新连接

@client = Net::LDAP.new
@client.host = server_ip
@client.base = base
@client.port = 636
@client.encryption(:method => :simple_tls)
@client.auth(username, password)

以及我用来编码密码的方法

And the method which i used to encode the password

def encode_passwd(string)
            newstring = ""
            string = "\"" + string + "\""
            string.split("").each do |c|
                newstring = "#{newstring}#{c}\000"
            end
            return newstring
        end

希望这对将来的人有帮助

Hope this helps someone in the future

推荐答案

Net :: LDAP :: Password.generate 不适用于ActiveDirectory。 ：unicodePwd LDAP条目属性（用ruby-gem net-ldap 来形容），您
必须这样编码

The Net::LDAP::Password.generate does not work with ActiveDirectory. The :unicodePwd LDAP-Entry-Attribute (speaking ruby-gem net-ldap parlance), you have to encode it like this

unicodepwd = "\"#{plain_text_password}\"".encode(Encoding::UTF_16LE).force_encoding(Encoding::ASCII_8BIT)

在此处查看有关编码的详细信息： https://msdn.microsoft.com/en-us/library/cc223248.aspx

See details about the encoding here: https://msdn.microsoft.com/en-us/library/cc223248.aspx

这篇关于net-ldap使用密码创建用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！