Active Directory user creation with python-ldap

Michael Ströder michael at stroeder.com
Fri Apr 29 08:51:18 EDT 2011


Nello wrote:
> I need to create an Active Directory user using python-ldap library. So, I
> authenticate with an admin account and I use "add_s" to create the user.

This is possible. Which version of AD are you working with?

> Anyway, by default users are disabled on creation,

That's the correct way of doing this.
> and I can not set
> userAccountControl to switch off the flag ACCOUNTDISABLE, i.e. setting
> userAccountControl with 512 (NORMAL_ACCOUNT) value.

This should be possible. Make sure you really bind as the admin and you have
sufficient access rights.

Check your code. I'd suggest setting trace_level when calling ldap.initialize()
to observe what gets passed to python-ldap in which order.
http://www.python-ldap.org/doc/html/ldap.html#ldap.initialize

> Same thing if - as someone suggests - I create the user without a
> password and try to set userAccountCreation later.

Passwords are different anyway since you have to set the unicodePwd attribute.
I never tried to do this with a single write operation though.

You can try my web2ldap which does all this also with MS AD. It has a special
plugin class for attribute userAccountControl which lets you set values
bit-wise when modifying a user entry. And setting the password automagically
switches to setting unicodePwd when working with MS AD.

Ciao, Michael.
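
The sequence discussed in this thread, as an added example that is not code from the post or from web2ldap: create the entry, set unicodePwd in its own write, then clear ACCOUNTDISABLE bit-wise instead of overwriting userAccountControl with a fixed 512. It assumes python-ldap 3.x on Python 3 and an ldaps:// connection already bound as an admin; the function names are hypothetical, clearing PASSWD_NOTREQD is an added choice, and the constants mirror python-ldap's values so the block runs without the library.

```python
# Added example. In real code use ldap.MOD_REPLACE and ldap.SCOPE_BASE.
MOD_REPLACE = 2            # same value as ldap.MOD_REPLACE
SCOPE_BASE = 0             # same value as ldap.SCOPE_BASE
ACCOUNTDISABLE = 0x0002    # userAccountControl flag bits
PASSWD_NOTREQD = 0x0020
NORMAL_ACCOUNT = 0x0200    # 512


def encode_unicode_pwd(password):
    """AD expects unicodePwd as the password in double quotes, UTF-16LE encoded."""
    return ('"%s"' % password).encode("utf-16-le")


def new_user_modlist(sam_account_name, display_name):
    """Add-modlist for add_s(); no password here, so the account starts disabled."""
    return [
        ("objectClass", [b"top", b"person", b"organizationalPerson", b"user"]),
        ("sAMAccountName", [sam_account_name.encode("utf-8")]),
        ("displayName", [display_name.encode("utf-8")]),
    ]


def enabled_uac(current):
    """Clear ACCOUNTDISABLE and PASSWD_NOTREQD, keep every other flag."""
    return (current & ~(ACCOUNTDISABLE | PASSWD_NOTREQD)) | NORMAL_ACCOUNT


def create_and_enable(conn, dn, sam_account_name, display_name, password):
    """conn: LDAPObject from ldap.initialize("ldaps://..."), bound as admin.

    Three separate writes: add the entry, set the password, enable the account.
    """
    conn.add_s(dn, new_user_modlist(sam_account_name, display_name))
    conn.modify_s(dn, [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(password)])])
    # Read back the value AD assigned rather than assuming it.
    _, attrs = conn.search_s(dn, SCOPE_BASE, "(objectClass=*)",
                             ["userAccountControl"])[0]
    uac = enabled_uac(int(attrs["userAccountControl"][0]))
    conn.modify_s(dn, [(MOD_REPLACE, "userAccountControl",
                        [str(uac).encode("ascii")])])
    return uac
```

Passing trace_level=2 to ldap.initialize(), as suggested above, shows these three operations and their order on the wire.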

