使用ldap python更新Active Directory密码 [英] Update Active Directory Password using ldap python

问题描述

基本上尝试使用LDAP python重置用户密码.我在这里浏览过各种文章，但没有运气:(.

Basically trying to reset the user's password using LDAP python. I've gone through various posts here but no luck :(.

尝试使用:

• a) modify_s()-每次返回无此类对象".尝试使用其他用户DN.

• a) modify_s() - returns "No such object" every time. Tried with different user DN.

{'info':"0000208D:NameErr:DSID-0310020A，问题2001(NO_OBJECT)，数据0，最佳匹配项:\ n \ t'DC = mydomain，DC = com'\ n"，"matched" :'DC = mydomain，DC = com'，'desc':'没有这样的对象'}

{'info': "0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'DC=mydomain,DC=com'\n", 'matched': 'DC=mydomain,DC=com', 'desc': 'No such object'}

以下是代码段:

def changePassword(userEmail, oldPassword, newPassword):
 try:
    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)

    ldap_client = ldap.initialize("ldap://127.0.01.1:389")
    ldap_client.set_option(ldap.OPT_REFERRALS, 0)
    ldap_client.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    ldap_client.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
    ldap_client.set_option( ldap.OPT_X_TLS_DEMAND, True )
    ldap_client.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
    ldap_client.simple_bind_s(ADMIN_EMAIL, ADMIN_PASSWORD)

    # Set AD password
    #unicode_pass = unicode('\"' + newPassword + '\"', "iso-8859-1")
    unicode_pass = newPassword
    password_value = unicode_pass.encode("utf-16-le")
    add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value]),( ldap.MOD_REPLACE, 'unicodePwd', [password_value])]

    # Replace password
    try:
      user_dn = 'CN=%s,DC=mydomain,DC=com' % username
      ldap_client.modify_s(user_dn, add_pass)
      print "Active Directory password for", username, \
            "was set successfully!"
    except ldap.LDAPError, e:
      sys.stderr.write('Error setting AD password for: ' + username + '\n')
      sys.stderr.write('Message: ' + str(e) + '\n')
      ldap_client.unbind_s()
      return 'SOME_PROBLEM'
    ldap_client.unbind_s()
    return 'AUTHENTICATED'
except ldap.INVALID_CREDENTIALS:
    ldap_client.unbind()
    return 'INVALID_CREDENTIALS'
except ldap.SERVER_DOWN:
    return 'SERVER_UNAVAILABLE'

b) passwd(userEmail, oldPassword, newPassword) .它执行得很好，但密码未更新.

b) passwd(userEmail, oldPassword, newPassword). It gets executed well but password is not updated.

需要帮助来确定问题.

Need help in identifying the problem.

参考链接: Python + LDAP + SSL

python-ldap和Microsoft Active Directory:连接并删除用户

如何设置lockoutTime和Active Directory用户的密码

如何更改密码使用Python的域用户(Windows Active Directory)?

https://groups.google.com/forum /#!topic/macromedia.coldfusion.security/Rq7xx15OeBs

http://www.grotan.com/ldap/python -ldap-samples.html#add

http://marcitland.blogspot.in/2011 /02/python-active-directory-linux.html

https://snipt.net/Fotinakis/更改活动目录密码通过ldap-modify-call/

推荐答案

我认为下面的程序对您有所帮助.Windows活动目录使用password属性作为unicode方法 https://technet.microsoft.com/en-us/magazine/ff848710.aspx

I think below program helpful for you.. windows active directory use password attribute as unicode method https://technet.microsoft.com/en-us/magazine/ff848710.aspx

import ldap
import ldap.modlist as modlist
import base64
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
l = ldap.initialize('ldaps://exam.local')
l.simple_bind_s('Administrator@exam.local', 'p@ssw0rd1') 
dn="cn=map6,ou=Police,dc=exam,dc=local" 
new_password='p@ssw0rd3'
unicode_pass = unicode('\"' + new_password + '\"', 'iso-8859-1')
print (unicode_pass)
password_value = unicode_pass.encode('utf-16-le')
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]
print (password_value)
l.modify_s(dn, add_pass)
l.modify_s(dn, add_pass)
l.unbind_s()      

这篇关于使用ldap python更新Active Directory密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！