Enable/Disable account programmatically using Python ldap module?

一个人的身影 2021-02-11 05:56

I would like to programmatically enable/disable LDAP user accounts. From the command prompt I can use dsutil and this apparently sets/removes the nsAccountLock operational attr

1 answer
  • 2021-02-11 06:22

    You should use the attribute 'userAccountControl' which contains a set of control bits.

    If you are managing normal users, to enable a user:

    userAccountControl = 512
    

    and to disable it:

    userAccountControl = 514
    

    Generally, if you want to enable/disable an existing user, you should retrieve the current value and update it this way.

    userADAccountControlFlag = 2
    userAccountControl = user.userAccountControl
    
    # To enable user:
    userAccountControl = userAccountControl & ~userADAccountControlFlag # (& bit-wise AND, ~ bit-wise Negate)
    
    # To disable user:
    userAccountControl = userAccountControl | userADAccountControlFlag # (| bit-wise OR)
    
    user.userAccountControl = userAccountControl
    
    # Then update user on ldap server
    

    You can find more about the userAccountControl attribute here: http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm

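The read-modify-write from the answer above, as an added example (not code from the original post), using python-ldap's `search_s` and `modify_s` calls. Changing only bit 2 keeps other control flags, such as "password never expires", that writing a fixed 512 or 514 would clear. The `FakeDirectory` class, the DN and the starting value are constructed so the block runs without a server.

```python
try:
    import ldap  # python-ldap; only needed against a real directory
    SCOPE_BASE, MOD_REPLACE = ldap.SCOPE_BASE, ldap.MOD_REPLACE
except ImportError:  # same numeric values, so the demo below runs without it
    SCOPE_BASE, MOD_REPLACE = 0, 2

ACCOUNTDISABLE = 0x0002  # the "2" flag from the answer


def set_account_enabled(conn, dn, enabled):
    """Read userAccountControl for dn, flip only the disable bit, write back.

    conn is anything with python-ldap's search_s/modify_s methods.
    Returns (old_value, new_value); no write happens if nothing changes.
    """
    result = conn.search_s(dn, SCOPE_BASE, "(objectClass=*)", ["userAccountControl"])
    if not result:
        raise LookupError("no entry at %s" % dn)
    attrs = result[0][1]
    old = int(attrs["userAccountControl"][0])  # python-ldap returns bytes
    new = old & ~ACCOUNTDISABLE if enabled else old | ACCOUNTDISABLE
    if new != old:
        conn.modify_s(dn, [(MOD_REPLACE, "userAccountControl", [str(new).encode("ascii")])])
    return old, new


class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP connection (not a real server)."""

    def __init__(self, entries):
        self.entries, self.writes = entries, 0

    def search_s(self, base, scope, filterstr, attrlist):
        return [(base, self.entries[base])] if base in self.entries else []

    def modify_s(self, dn, modlist):
        for _op, attr, values in modlist:
            self.entries[dn][attr] = values
        self.writes += 1


def demo():
    # Constructed entry: 66048 = normal account (512) + password never expires (65536)
    dn = "CN=Jane Doe,OU=Staff,DC=example,DC=com"
    conn = FakeDirectory({dn: {"userAccountControl": [b"66048"]}})
    disabled = set_account_enabled(conn, dn, enabled=False)
    enabled = set_account_enabled(conn, dn, enabled=True)
    return disabled, enabled, conn.writes
```

Against a real directory, pass a bound python-ldap connection in place of `FakeDirectory`; logging the returned old and new values gives an audit record of each change.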