Active Directory user creation with python-ldap

Nello polesello at gmail.com
Tue Apr 26 09:05:57 EDT 2011


I need to create an Active Directory user using python-ldap library.
So, I authenticate with an admin account and I use "add_s" to create
the user.
Anyway, by default users are disabled on creation, and I can not set
userAccountControl to switch off the flag ACCOUNTDISABLE, i.e. setting
userAccountControl with 512 (NORMAL_ACCOUNT) value. See page
http://support.microsoft.com/kb/305144 for a complete list of
userAccount flags.
If I try, the server responds:
ldap.UNWILLING_TO_PERFORM: {'info': '0000052D: SvcErr: DSID-031A0FC0,
problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is
unwilling to perform'}
Same thing if - as someone suggests - I create the user without a
password and try to set userAccountCreation later.
This is the code I use to create the account.
Any suggestions?
----------------------------
import ldap
import ldap.modlist as modlist

# AD_LDAP_URL, ADMIN_USER, ADMIN_PASSWORD and AD_SEARCH_DN are not shown in the post

def addUser(username, firstname, surname, email, password):
    """Create a new user in Active Directory"""
    ldap.set_option(ldap.OPT_REFERRALS, 0)
    # Open a connection
    l = ldap.initialize(AD_LDAP_URL)
    # Bind/authenticate with a user with appropriate rights to add objects
    l.simple_bind_s(ADMIN_USER, ADMIN_PASSWORD)
    # The dn of our new entry/object
    dn = "cn=%s,%s" % (username, AD_SEARCH_DN)
    displayName = '%s %s [%s]' % (surname, firstname, username)
    # A dict to help build the "body" of the object
    attrs = {}
    attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
    attrs['cn'] = str(username)
    attrs['sAMAccountname'] = str(username)
    attrs['userPassword'] = str(password)
    attrs['givenName'] = str(firstname)
    attrs['sn'] = str(surname)
    attrs['displayName'] = str(displayName)
    attrs['userPrincipalName'] = "%s@mail.domain.it" % username
    # Some flags for userAccountControl property
    SCRIPT = 1
    ACCOUNTDISABLE = 2
    HOMEDIR_REQUIRED = 8
    PASSWD_NOTREQD = 32
    NORMAL_ACCOUNT = 512
    DONT_EXPIRE_PASSWORD = 65536
    TRUSTED_FOR_DELEGATION = 524288
    PASSWORD_EXPIRED = 8388608
    # this works!
    attrs['userAccountControl'] = str(NORMAL_ACCOUNT + ACCOUNTDISABLE)
    # this does not work :-(
    attrs['userAccountControl'] = str(NORMAL_ACCOUNT)
    # Convert our dict to nice syntax for the add-function using modlist-module
    ldif = modlist.addModlist(attrs)
    l.add_s(dn, ldif)
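
Added example, not part of the original post: the 0000052D that opens the server's info string is Win32 error 1325 (ERROR_PASSWORD_RESTRICTION), so the code below decodes that prefix and follows the usual Active Directory sequence of adding the entry disabled, writing unicodePwd, and only then clearing ACCOUNTDISABLE. It assumes Python 3 with python-ldap 3.x byte values and an ldaps:// connection; RecordingConn, the DN and the password are constructed stand-ins.

```python
import re

MOD_REPLACE = 2  # numeric value of ldap.MOD_REPLACE in python-ldap
NORMAL_ACCOUNT, ACCOUNTDISABLE = 512, 2  # flags listed in the post

def win32_code(info):
    """Return the Win32 error number that prefixes an AD 'info' string."""
    m = re.match(r"\s*([0-9A-Fa-f]{8}):", info)
    return int(m.group(1), 16) if m else None

def encode_unicode_pwd(password):
    """unicodePwd takes the password in double quotes, as UTF-16LE."""
    return ('"%s"' % password).encode("utf-16-le")

def _vals(v):
    # python-ldap 3.x wants every attribute value as bytes
    return [x.encode("utf-8") for x in ([v] if isinstance(v, str) else v)]

def create_enabled_user(conn, dn, attrs, password):
    """Add the entry disabled, set its password, then clear ACCOUNTDISABLE.

    conn: a bound python-ldap connection; AD accepts unicodePwd writes
    only on an encrypted connection such as ldaps://.
    attrs: str or list-of-str values, without userPassword.
    """
    entry = dict(attrs, userAccountControl=str(NORMAL_ACCOUNT | ACCOUNTDISABLE))
    conn.add_s(dn, [(k, _vals(v)) for k, v in sorted(entry.items())])
    conn.modify_s(dn, [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(password)])])
    conn.modify_s(dn, [(MOD_REPLACE, "userAccountControl", _vals(str(NORMAL_ACCOUNT)))])

class RecordingConn:
    """Constructed stand-in for an LDAP connection; records the calls."""
    def __init__(self):
        self.calls = []
    def add_s(self, dn, modlist):
        self.calls.append(("add", dn, dict(modlist)))
    def modify_s(self, dn, modlist):
        self.calls.append(("modify", dn, modlist))

def demo():
    # Constructed sample values, not taken from any real directory.
    conn = RecordingConn()
    create_enabled_user(conn, "cn=jdoe,ou=People,dc=example,dc=com",
                        {"objectClass": ["top", "person", "organizationalPerson", "user"],
                         "cn": "jdoe", "sAMAccountName": "jdoe"}, "Example-Passw0rd-1")
    return conn.calls

if __name__ == "__main__":
    print(win32_code("0000052D: SvcErr: DSID-031A0FC0, problem 5003"))
    for call in demo():
        print(call)
```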

