Changing userPassword in OpenLDAP using ldap3 library

Submitted by 我只是一个虾纸丫 on 2019-12-11 00:39:24

Question


I can't seem to change a user's password using the ldap3 Python module against an OpenLDAP server. A similar question has been asked before, but that's specific to Active Directory.

What I've tried:

from ldap3 import HASHED_SALTED_SHA
from ldap3.extend.standard.modifyPassword import ModifyPassword
from ldap3.utils.hashed import hashed
password = hashed(HASHED_SALTED_SHA, password)
# or..
password = '{SASL}theuser@domain.com'
modify = ModifyPassword(
    connection, user.entry_get_dn(), new_password=password)
resp = modify.send()
print(modify.result)
{'referrals': None, 'result': 0, 'description': 'success', 'type': 'extendedResp', 'message': '', 'responseName': None, 'new_password': None, 'dn': '', 'responseValue': None}

The description says success, but the password isn't actually changed.

I've also tried to send a modify replace message:

import logging
from ldap3 import HASHED_SALTED_SHA, MODIFY_REPLACE
from ldap3.utils.hashed import hashed

logger = logging.getLogger(__name__)

def modify_user_password(self, user, password):
    dn = user.entry_get_dn()
    hashed_password = hashed(HASHED_SALTED_SHA, 'MyStupidPassword')
    changes = {
        'userPassword': [(MODIFY_REPLACE, [hashed_password])]
    }
    logger.debug('dn: ' + dn)
    logger.debug('changes: ' + str(changes))
    success = self.engage_conn.modify(dn, changes=changes)
    if success:
        logger.debug('Changed password for: %s', dn)
        print(self.engage_conn.result)
    else:
        logger.warning('Unable to change password for %s', dn)
        logger.debug(str(self.engage_conn.result))
        raise ValueError('stop')

The connection is not an SSL connection. The answer to the AD question requires that the connection be over SSL. Is this also a requirement for OpenLDAP?

Edit:

After changing the dn to user.entry_get_dn() the code seemed to work about 90% of the time. After running these tests again today it appears that it now works consistently. I'm going to chalk this up to not viewing fresh data in my directory browser.


Answer 1:


Changing the password seems to work as described in the docs and shown in the edit of my question above. For future reference, this code seems to work:

from ldap3 import (
    HASHED_SALTED_SHA, MODIFY_REPLACE
)
from ldap3.utils.hashed import hashed

def modify_user_password(self, user, password):
    dn = user.entry_get_dn()
    # hashed() returns the salted SHA-1 string that is stored in userPassword
    hashed_password = hashed(HASHED_SALTED_SHA, password)
    # MODIFY_REPLACE overwrites any existing userPassword values on the entry
    changes = {
        'userPassword': [(MODIFY_REPLACE, [hashed_password])]
    }
    success = self.connection.modify(dn, changes=changes)
    if not success:
        print('Unable to change password for %s' % dn)
        print(self.connection.result)
        raise ValueError('Unable to change password')

To clarify a few things:

  1. This is connecting to an OpenLDAP server (with multiple databases)
  2. There is NO SSL here. We plan on implementing SSL but this works without it.
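
To confirm that a modify like the one above took effect without relying on a directory browser, the userPassword value can be read back and checked against the new password. This is an added example, not part of the original post or of ldap3; it uses only the Python standard library, assumes the usual salted SHA-1 layout base64(SHA1(password + salt) + salt), and its function names and sample values are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import os

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_ssha(password, salt=None):
    """Build a salted SHA-1 value: {SSHA}base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, candidate):
    """Return True if candidate matches a stored {SSHA} userPassword value.

    stored may be bytes or str. Other schemes and malformed values
    return False instead of raising.
    """
    if isinstance(stored, bytes):
        stored = stored.decode("ascii", errors="replace")
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":  # scheme tag is case-insensitive
        return False
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(raw) <= SHA1_LEN:  # digest only, no salt: not a salted value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample standing in for the value read back after the modify.
    stored = make_ssha("N3w-Passw0rd", salt=b"\x01\x02\x03\x04\x05\x06\x07\x08").encode()
    print(check_ssha(stored, "N3w-Passw0rd"))      # new password matches
    print(check_ssha(stored, "MyStupidPassword"))  # previous password does not
```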


Source: https://stackoverflow.com/questions/39325089/changing-userpassword-in-openldap-using-ldap3-library
