使用ldap3库尝试更改Active Directory用户密码时遇到错误,错误代码为53,通常由未加密连接或密码编码不正确引起。尽管SSL连接似乎正常,但通过'unicodePwd'字段修改密码仍然失败。解决方案是使用ldap3的extend.microsoft.modify_password方法来专门更改AD密码。
Whenever I try to change someone's password via ldap3 library I get the following error:
{'type': 'modifyResponse', 'result': 53, 'message': '0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'description': 'unwillingToPerform', 'dn': ''}
This error usually occurs because of the two conditions: either user is trying to modify the password through the unencrypted connection or the password is being sent with the incorrect encoding. My SSL connection is fine (at least it seems to be):
print(connection)
>>> ldaps://DC1.DOMAIN.LOCAL:636 - ssl - user: DOMAIN\admin - not lazy - bound - open - - tls not started - listening - SyncStrategy - internal decoder
I tried to encode the string I'm trying send to the LDAP server, but .encode('utf-16le') didn't do the trick. Any other workarounds?
I have a test domain environment with Windows Server 2012 R2 as a domain controller, and the code I'm trying to change the password with is present below.
import ssl
from ldap3 import *
tls_configuration = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2)
s = Server('DC1.domain.local', get_info=ALL, use_ssl=True, tls=tls_configuration)
password = 'mypasswordhere'
c = Connection(s, user="DOMAIN\\admin", password=password)
c.open()
c.bind()
user = "CN=Dummy Dumass,OU=Automatically Generated,OU=Staff,OU=RU,DC=DOMAIN,DC=LOCAL"
c.modify(user, {
'unicodePwd': [(MODIFY_REPLACE, ['New12345'])]
})
print(c.result)
c.unbind()
解决方案
ldap3 contains a specific method for changing AD password, use the following code instead of c.modify():
c.extend.microsoft.modify_password(user, new_password)
扫一扫
2187
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
