我正在调查各种LDAP操作的脚本.但是,我在Active Directory用户创建方面遇到了一些速度提升.
通过以下ldapmodify命令加载时,以下LDIF失败:
dn: CN=Frank,CN=Users,DC=domain,dc=local
changeType: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Frank
userPrincipalName: frank@domain.local
sAMAccountName: frank
givenName: Frank
sn: Stein
displayName: Frank Stein
description: Frankenstein's User
userAccountControl: 512
unicodePwd: "AnExamplePassword1!"
尝试通过LDIF添加用户时,我使用以下命令:
ldapmodify -H 'ldaps://<ip-of-server>:636' -D 'DOMAIN\Administrator' -x -W -f frank-add.ldif
此操作失败,并显示以下错误:
ldap_add: Server is unwilling to perform (53)
additional info: 0000001F: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
这是拒绝用户的密码策略的问题.
但是,以下Python脚本有效:
#!/usr/bin/python
import ldap
import ldap.modlist as modlist
AD_LDAP_URL='ldaps://<ip-of-server>:636'
ADMIN_USER='DOMAIN\Administrator'
# User must be …