Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #4308

Re: Active Directory user creation with python-ldap

Show all headers | View raw

Nello wrote:
> I need to create an Active Directory user using python-ldap library. So, I
> authenticate with an admin account and I use "add_s" to create the user.

This is possible. Which version of AD are you working with.

> Anyway, by default users are disabled on creation,

That's the correct way of doing this.

> and I can not set
> userAccountControl to swith off the flag ACCOUNTDISABLE, i.e. setting
> userAccountControl with 512 (NORMAL_ACCOUNT) value. 

This should be possible. Make sure you really bind as the admin and you have
sufficient access rights.

Check your code. I'd suggest to set trace_level when calling ldap.initialize()
to observe what gets passed to python-ldap in which order.

http://www.python-ldap.org/doc/html/ldap.html#ldap.initialize

> Same thing if - as someone suggests - I create the user without a
> password and try to set userAccountCreation later.

Passwords are different anyway since you have to set the unicodePwd attribute.
I never tried to do this with a single write operation though.

You can try my web2ldap which does all this also with MS AD. It has a special
plugin class for attribute userAccountControl which lets you set values
bit-wise when modifying an user entry. And setting password automagically
switches to setting unicodePwd when working with MS AD.

Ciao, Michael.

Back to comp.lang.python | Previous | Next — Previous in thread | Find similar

Thread

Active Directory user creation with python-ldap Nello <polesello@gmail.com> - 2011-04-26 06:05 -0700
  Re: Active Directory user creation with python-ldap Michael Ströder <michael@stroeder.com> - 2011-04-29 14:51 +0200

csiph-web