Python LDAP password change has no effect


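I am currently trying to change a user's password on AD with Python (3) and the LDAP module. When my script finishes, everything looks fine. However, the password is the same as before.

Here is my script: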

import ldap

LDAP_SERVER = <domain>
LDAP_USERNAME = <admin_username>
LDAP_PASSWORD = <admin_password>
dn = <DN>
# Wrap the new password in double quotes and encode it as UTF-16LE
quoted_new_password = '\"' + <new_password> + '\"'
quoted_new_password_bytes = quoted_new_password.encode('UTF-16LE')

# Bind as the administrative account
ldap_client = ldap.initialize(LDAP_SERVER)
ldap_client.set_option(ldap.OPT_REFERRALS, 0)
ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
# Look up the DN of the user whose password is to be changed
ad_user_filter = '(&(objectClass=user)(sAMAccountName=<username-for-password-modification>))'
res = ldap_client.search_s(dn, ldap.SCOPE_SUBTREE, ad_user_filter)
user_dn = (res[0][1]['distinguishedName'][0]).decode("utf-8")
# Send the modify request
modlist = [ (ldap.MOD_REPLACE, "userPassword", quoted_new_password_bytes)]
ldap_client.modify_s(user_dn, modlist)
However, the 103 code does not correspond to anything…

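Solved

The domain was ldap://the_domain:389. But it could not work, because I had to use a secure server: ldaps instead of ldap, and port 636 instead of 389.

So I changed LDAP_SERVER to ldaps://the_domain:636

However, my script no longer worked. I took this script from another post, before adapting it: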

import ldap3

SERVER = 'ldaps://thedomain:636'
BASE_DN = "DC=domain,DC=com"
LDAP_USERNAME = "admin_username@thedomain.com"
LDAP_PASSWORD = "admin_password"
CURRENT_PWD = "the_current_password"
NEW_PWD = "the_new_password"
SEARCHED_USERNAME = "M_tete_en_l_air"

SEARCH_FILTER = '(&(objectClass=User)(samaccountname=' + SEARCHED_USERNAME + '))'

USER_DN = ""

# Connect over LDAPS and bind as the administrative account
ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL)
conn = ldap3.Connection(ldap_server, LDAP_USERNAME, LDAP_PASSWORD, auto_bind=True)
conn.start_tls()

# Find the DN of the account whose password will be changed
conn.search(search_base=BASE_DN,
            search_filter=SEARCH_FILTER,
            search_scope=ldap3.SUBTREE,
            attributes=['cn', 'givenName'],
            paged_size=5)

for entry in conn.response:
    if entry.get("dn") and entry.get("attributes"):
        if entry.get("attributes").get("cn"):
            USER_DN = entry.get("dn")

print(USER_DN)
# Change the password; the call returns True when the server reports success
success = ldap3.extend.microsoft.modifyPassword.ad_modify_password(conn, USER_DN, NEW_PWD, CURRENT_PWD, controls=None)
print("Password modified: ", success)
(I don't have this script)

You should check the result of the ldapmodify operation. Most likely it was rejected. Note that AD may not allow you to change the password if the connection is not secure (TLS).

Thanks Ludovic Poitou, your comment helped me find the right way. Indeed, the server I was trying was not secure.

The 103 or 3 code "corresponds" to one of the error codes documented in the LDAP RFCs.
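
Added example (not the poster's code and not part of ldap3 or python-ldap): the checks the comments above ask for, written as library-independent Python. It builds the quoted UTF-16LE `unicodePwd` value that AD password writes use, refuses to build the request for an unencrypted URL, and interprets the outcome, treating python-ldap's 103 as the modifyResponse message type (`ldap.RES_MODIFY`) rather than a result code. All function names are hypothetical and the sample values are constructed.

```python
from urllib.parse import urlparse

# LDAP modifyResponse message tag from RFC 4511 (python-ldap exposes it as ldap.RES_MODIFY).
RES_MODIFY = 0x67  # decimal 103

# Subset of RFC 4511 resultCode values a rejected password write can carry.
RESULT_CODES = {
    0: "success",
    13: "confidentialityRequired",
    19: "constraintViolation",
    50: "insufficientAccessRights",
    53: "unwillingToPerform",
}


def transport_is_encrypted(url, start_tls=False):
    """True for ldaps://, or for ldap:// once StartTLS has been negotiated."""
    scheme = urlparse(url).scheme.lower()
    return scheme == "ldaps" or (scheme == "ldap" and start_tls)


def encode_unicode_pwd(password):
    """AD takes unicodePwd as the password in double quotes, UTF-16LE encoded."""
    return ('"' + password + '"').encode("utf-16-le")


def build_password_change(url, new_pwd, old_pwd=None, start_tls=False):
    """Return (operation, attribute, value) tuples for the modify request.

    With old_pwd: user-style change (delete old value, add new value).
    Without it: administrative reset (replace).
    """
    if not transport_is_encrypted(url, start_tls):
        raise ValueError("refusing to send unicodePwd over an unencrypted session: " + url)
    new_value = encode_unicode_pwd(new_pwd)
    if old_pwd is None:
        return [("replace", "unicodePwd", new_value)]
    return [("delete", "unicodePwd", encode_unicode_pwd(old_pwd)),
            ("add", "unicodePwd", new_value)]


def describe_outcome(outcome):
    """Interpret a python-ldap modify_s() tuple or an ldap3 conn.result dict."""
    if isinstance(outcome, tuple):
        # python-ldap raises on failure; element 0 is the message type, not a result code.
        kind = "modifyResponse" if outcome[0] == RES_MODIFY else "message type %d" % outcome[0]
        return True, kind
    code = outcome["result"]
    return code == 0, RESULT_CODES.get(code, "resultCode %d" % code)
```

A successful modify on `userPassword` or any other attribute produces the same 103 tuple, so confirming the change still means binding as the user with the new password.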