首页 / 问题 / 正文

ldap 引发 UNWILLING TO PERFORM 错误

2 投票
1 回答
4424 浏览
提问于 2025-04-15 19:20

我的Django应用程序正在使用python-ldap库(ldap_groups这个Django应用),需要在一个Windows 2003虚拟机的域中添加用户到Active Directory。我的应用程序运行在一个Ubuntu虚拟机上,并不是Windows域的成员。

以下是代码:

settings.py

DNS_NAME='IP_ADRESS'

LDAP_PORT=389
LDAP_URL='ldap://%s:%s' % (DNS_NAME,LDAP_PORT)
BIND_USER='cn=administrateur,cn=users,dc=my,dc=domain,dc=fr'
BIND_PASSWORD="AdminPassword"

SEARCH_DN='cn=users,dc=my,dc=domain,dc=fr'
NT4_DOMAIN='E2C'
SEARCH_FIELDS= ['mail','givenName','sn','sAMAccountName','memberOf']
MEMBERSHIP_REQ=['Group_Required','Alternative_Group']

AUTHENTICATION_BACKENDS  = (

    'ldap_groups.accounts.backends.ActiveDirectoryGroupMembershipSSLBackend',
    'django.contrib.auth.backends.ModelBackend',
)

DEBUG=True
DEBUG_FILE='/$HOME/ldap.debug'

backends.py

import ldap
import ldap.modlist as modlist

username, email, password = kwargs['username'], kwargs['email'], kwargs['password1']

ldap.set_option(ldap.OPT_REFERRALS, 0)

# Open a connection
l = ldap.initialize(settings.LDAP_URL)

# Bind/authenticate with a user with apropriate rights to add objects
l.simple_bind_s(settings.BIND_USER,settings.BIND_PASSWORD)

# The dn of our new entry/object
dn="cn=%s,%s" % (username,settings.SEARCH_DN)


# A dict to help build the "body" of the object
attrs = {}
attrs['objectclass'] = ['top','organizationalRole','simpleSecurityObject']
attrs['cn'] = username.encode('utf-16')
attrs['userPassword'] = password.encode('utf-16')
attrs['description'] = 'User object for replication using slurpd'

# Convert our dict to nice syntax for the add-function using modlist-module
ldif = modlist.addModlist(attrs)

# Do the actual synchronous add-operation to the ldapserver
l.add_s(dn,ldif)

# Its nice to the server to disconnect and free resources when done
l.unbind_s()

当我调试我的代码时,发现调用“l.add_s”添加用户时出现了问题。

不过,它返回了以下错误:

UNWILLING_TO_PERFORM at /accounts/register/

{'info': '00002077: SvcErr: DSID-031907B4, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}

如果我使用错误的凭证,服务器会返回INVALID CREDENTIAL,所以我认为我上面使用的凭证是正确的,可以连接到ldap目录。

也许我的Ubuntu应该是域的成员,或者我的代码有问题?

django ubuntu ldap active directory user management windows server directory services authentication errors

1 个回答

2

我找到了问题。其实我的对象类不符合Active Directory的要求。

另外,信息编码需要用Python字符串来处理。

下面是可以使用的代码:

 attrs = {}
        attrs['objectclass'] = ['top','person','organizationalPerson','user']
        attrs['cn'] = str(username)
        attrs['userPassword'] = str(password)
        attrs['mail']=str(email)
        attrs['givenName']=str(firstname)
        attrs['sn']=str(surname)
        attrs['description'] = 'User object for replication using slurpd'

我现在可以成功在我的Active Directory中添加一个账户了。

希望这对你有帮助。

回答于 2025-04-15 由 Python大师
分享 举报

撰写回答