I am writing a Python script using the python-ldap module to create users in Active Directory (Windows Server 2012 R2).
The problem I am facing is that the new DN I am creating has a syntax such as:
DN: cn=Name Second_name,.etc..
It seems to only accept a format such as:
DN: cn=NameSecond_name,.etc.. or DN: cn=Name,.etc..
This issue also happens with the cn attribute.
My code so far is as follows:
import ldap
import ldap.modlist as modlist
import sys

# Bind DN and password come from the command line (note: they are visible in
# the process list to other local users).
DN, secret = sys.argv[1:3]

# OPT_X_TLS_NEVER disables server certificate verification, so the LDAPS
# connection is not protected against a man-in-the-middle. In production point
# OPT_X_TLS_CACERTFILE at the issuing CA and use OPT_X_TLS_DEMAND instead.
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
l = ldap.initialize('ldaps://ldap_server')
l.simple_bind_s(DN, secret)

name = "name"
second_name = "secondname"
full_name = name + " " + second_name
mail = "name_secondname@company.com"
company_id = "id1234"
password = "password"

base_dn = "OU=Accounts,DC=internal"
user_dn = 'CN=' + full_name + ',' + base_dn

# python-ldap expects every attribute value as a list of strings
# (bytes on Python 3), so wrap scalar values in lists.
user_attrs = {}
user_attrs['objectclass'] = ['top', 'person', 'organizationalPerson', 'user']
user_attrs['cn'] = [full_name]
user_attrs['givenName'] = [name]
user_attrs['sn'] = [second_name]
user_attrs['displayName'] = [full_name]
# 514 = NORMAL_ACCOUNT (512) | ACCOUNTDISABLE (2): create the account disabled,
# enable it only after the password has been set.
user_attrs['userAccountControl'] = ['514']
user_attrs['mail'] = [mail]
user_attrs['uid'] = [company_id]
user_attrs['countryCode'] = ['0']
user_attrs['primaryGroupID'] = ['513']  # RID 513 = Domain Users
user_attrs['userPrincipalName'] = ['%s@company.internal' % company_id]
user_attrs['sAMAccountName'] = [company_id]
user_ldif = modlist.addModlist(user_attrs)

# AD requires unicodePwd as the password wrapped in double quotes and encoded
# UTF-16-LE, and only accepts it over an encrypted (LDAPS/TLS) connection.
unicode_pass = unicode('"' + password + '"', 'iso-8859-1')
password_value = unicode_pass.encode('utf-16-le')
add_pass = [(ldap.MOD_REPLACE, 'unicodePwd', [password_value])]

# 512 (NORMAL_ACCOUNT) will set the user account to enabled
mod_acct = [(ldap.MOD_REPLACE, 'userAccountControl', ['512'])]

l.add_s(user_dn, user_ldif)
l.modify_s(user_dn, add_pass)
l.modify_s(user_dn, mod_acct)
The error I am currently getting is the following:
l.add_s(user_dn, user_ldif)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 430, in add_s
return self.add_ext_s(dn,modlist,None,None)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 416, in add_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 751, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 758, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 331, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/home/edevi98/.local/lib/python2.7/site-packages/ldap/ldapobject.py", line 315, in _ldap_call
result = func(*args,**kwargs)
ldap.INVALID_DN_SYNTAX: {'info': u"00002081: NameErr: DSID-03050CF6, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:\n\t'CN=name secondname,OU=Accounts,DC=internal'\n", 'desc': u'Invalid DN syntax'}
Any idea how to overcome this issue?
Many thanks
The base DN is incomplete: the domain components (DCs) must refer to each component of your domain.
For example, the domain internal.com would be written as DC=internal,DC=com, and the base DN (like every DN in this directory tree) must match these DCs:
base_dn = "OU=Accounts,DC=internal,DC=com"
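As an added example (not part of the question or the answer above), the following Python 3 helper builds the base DN from the domain's DNS name, escapes the RDN value per RFC 4514 so names containing spaces, commas or a leading/trailing space remain a valid DN, and checks that a finished DN actually ends in the expected domain components before it is sent to the server. python-ldap ships ldap.dn.escape_dn_chars for the escaping; the version below reimplements the RFC 4514 rules in plain Python so the snippet runs without the module. The domain name, OU path and user names are constructed sample input.

```python
"""Build and sanity-check Active Directory DNs (added example, Python 3).

The domain name, OU path and user names used here are constructed sample input.
"""

# RFC 4514 section 2.4: these characters must be backslash-escaped anywhere in
# an attribute value; a leading '#' or space and a trailing space must be
# escaped as well, and NUL is written as \00.
_SPECIAL = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514 string form)."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in _SPECIAL:
            out.append('\\' + ch)
        elif (i == 0 and ch in '# ') or (i == last and ch == ' '):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def domain_to_dc(domain):
    """'internal.com' -> 'DC=internal,DC=com' (one DC component per DNS label)."""
    labels = [lbl for lbl in domain.strip('.').split('.') if lbl]
    if not labels:
        raise ValueError("domain must have at least one label")
    return ','.join('DC=' + escape_rdn_value(lbl) for lbl in labels)


def build_user_dn(full_name, ou_path, domain):
    """Compose CN=<name>,<OUs>,<DCs>; ou_path lists the OUs from leaf to root."""
    rdns = ['CN=' + escape_rdn_value(full_name)]
    rdns += ['OU=' + escape_rdn_value(ou) for ou in ou_path]
    return ','.join(rdns) + ',' + domain_to_dc(domain)


def dn_in_domain(dn, domain):
    """True if dn ends with the DC components of domain.

    Comparison is case-insensitive, as the directory compares DNs; a DN that
    stops at DC=internal for the domain internal.com fails this check.
    """
    suffix = domain_to_dc(domain).lower()
    d = dn.lower()
    return d == suffix or d.endswith(',' + suffix)


if __name__ == '__main__':
    print(build_user_dn("Name Second_name", ["Accounts"], "internal.com"))
    print(build_user_dn("Doe, John", ["Accounts"], "internal.com"))
    print(dn_in_domain("CN=name secondname,OU=Accounts,DC=internal", "internal.com"))
```

Run the check with dn_in_domain before calling add_s: a DN built from a base such as OU=Accounts,DC=internal is rejected locally with a clear message instead of a server-side name error.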