本文介绍了使用 Python ldap 模块以编程方式启用/禁用帐户?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想以编程方式启用/禁用 LDAP 用户帐户.从命令提示符我可以使用 dsutil ,这显然设置/删除 nsAccountLock 操作属性.我试图做 modify_s() 以在 Python 中设置和删除此属性,但始终收到以下错误消息:对条目 '' 的 'nsAccountLock' 属性的'写入'权限不足".

I would like to programmatically enable/disable LDAP user accounts. From the command prompt I can use dsutil and this apparently sets/removes the nsAccountLock operational attribute. I have attempted to do modify_s() to set and remove this attribute from w/in Python but always get the following error message: "Insufficient 'write' privilege to the 'nsAccountLock' attribute of entry ''".

有没有办法通过 Python 以编程方式设置/删除/添加操作属性或启用/禁用 ldap 用户?

Is there a way to set/remove/add operational attributes or otherwise enable/disable ldap users programmatically through Python?

谢谢,C

推荐答案

您应该使用包含一组控制位的属性userAccountControl".

You should use the attribute 'userAccountControl' which contains a set of control bits.

如果你是管理普通用户,启用用户:

If you are managing normal users, to enable user:

userAccountControl = 512

并禁用它:

userAccountControl = 514

一般来说,如果您想启用/禁用现有用户,您应该检索当前值并以这种方式更新它.

Generally, if you want to enable/disable an existing user, you should retrieve current value and update it this way.

userADAccountControlFlag = 2
userAccountControl = user.userAccountControl

# To enable user:
userAccountControl = userAccountControl & ~userADAccountControlFlag # (& bit-wise AND, ~ bit-wise Negate)

# To disable user:
userAccountControl = userAccountControl | userADAccountControlFlag # (| bit-wise OR)

user.userAccountControl = userAccountControl

# Then update user on ldap server

您可以在此处找到有关 userAccountControl 属性的更多信息:http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm

you can find more about userAccountControl attribute here: http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm

这篇关于使用 Python ldap 模块以编程方式启用/禁用帐户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-05 11:31