Question
I am trying to create an AD account with a password already set using the net-ldap gem. I am able to connect to the server fine, and I am also able to add a new user without passing the :unicodepwd attribute; however, when the new user is created there is no password set. When I do pass that attribute the user is not created and it fails with error code 53 and the message "Unwilling to perform". I also get the same error if I try to replace the password of the user after I have created it. I've come across many potential answers but none of them have worked for me.
    require 'net/ldap'

    # server_ip, base, username, password, dn_value, fullname and
    # display_error are helpers defined elsewhere in the class (not shown).
    def initialize
      @client = Net::LDAP.new
      @client.host = server_ip
      @client.base = base
      @client.port = 389          # plain LDAP port, no TLS
      @client.auth(username, password)
      if @client.bind
        puts "Connected"
        add("TEST", "JEST", "testjest")
      else
        puts "Not Connected"
        display_error
      end
    end

    def add(first_name, last_name, username)
      dn = dn_value
      attrs = {
        :objectclass => ["top", "person", "organizationalPerson", "user"],
        :cn => fullname(first_name, last_name),
        :sn => last_name.capitalize,
        :givenname => first_name.capitalize,
        :displayname => fullname(first_name, last_name),
        :name => fullname(first_name, last_name),
        :samaccountname => username,
        # passing this attribute is what makes the add fail with error 53
        :unicodePwd => '"password"'.encode("utf-16")
      }
      @client.add(:dn => dn, :attributes => attrs)
      if @client.get_operation_result.code != 0
        puts "Failed to add user #{fullname(first_name, last_name)}"
        display_error
      else
        puts "Added user #{fullname(first_name, last_name)}"
      end
    end
How would I set a password for the user when I create the user, and not have to access it through the GUI in order to update the password? Any help is appreciated.
Thanks
UPDATE
I was able to get this to work once I encoded the string in a different way and connected to the SSL port 636 rather than the default port 389. Using encode was the issue; it seems like it was incorrectly encoding the password.
This is my new connection:

    @client = Net::LDAP.new
    @client.host = server_ip
    @client.base = base
    @client.port = 636                           # LDAPS port
    @client.encryption(:method => :simple_tls)   # TLS on connect
    @client.auth(username, password)
And the method which I used to encode the password:

    # Wraps the password in double quotes and follows every character with a
    # NUL byte, i.e. hand-rolled UTF-16LE (correct for ASCII characters only).
    def encode_passwd(string)
      newstring = ""
      string = "\"" + string + "\""
      string.split("").each do |c|
        newstring = "#{newstring}#{c}\000"
      end
      return newstring
    end

Hope this helps someone in the future.
Answer 1:
Net::LDAP::Password.generate does not work with Active Directory. For the :unicodePwd LDAP entry attribute (speaking in ruby-gem net-ldap parlance), you have to encode it like this:

    unicodepwd = "\"#{plain_text_password}\"".encode(Encoding::UTF_16LE).force_encoding(Encoding::ASCII_8BIT)

See details about the encoding here: https://msdn.microsoft.com/en-us/library/cc223248.aspx
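As an added example (not code from the question or the answers), the encoding step from answer 1 written as a small helper and checked against the per-character encoder from the question's update: the two agree for ASCII passwords but diverge for non-ASCII ones, and the original `.encode("utf-16")` call produces different bytes (a BOM plus big-endian). Pure Ruby, no LDAP server needed; the `password_replace_ops` and `valid_unicode_pwd?` helper names are my own.

```ruby
# Added example, not from the question or the answers.

# What AD expects in unicodePwd: the password wrapped in double quotes,
# encoded as UTF-16LE, sent as raw bytes (no BOM). Matches answer 1.
def unicode_pwd(plain)
  "\"#{plain}\"".encode(Encoding::UTF_16LE).force_encoding(Encoding::ASCII_8BIT)
end

# The per-character encoder from the question's update: each character
# followed by a NUL byte. Equivalent to UTF-16LE only for ASCII input.
def encode_passwd_manual(string)
  newstring = "".b
  string = "\"" + string + "\""
  string.split("").each { |c| newstring << c.b << "\000" }
  newstring
end

# What the question's original code produced: Ruby's "utf-16" (no
# endianness given) prepends a BOM and uses big-endian order.
def question_encoding(plain)
  "\"#{plain}\"".encode("utf-16").b
end

# The modify operation net-ldap takes for resetting an existing user's
# password (same value as goes into the add attributes). Hypothetical helper.
def password_replace_ops(plain)
  [[:replace, :unicodePwd, [unicode_pwd(plain)]]]
end

# Sanity check before sending: binary string, even byte length, and it
# decodes back to a double-quoted string. Hypothetical helper.
def valid_unicode_pwd?(bytes)
  return false unless bytes.encoding == Encoding::ASCII_8BIT
  return false unless bytes.bytesize.even?
  decoded = bytes.dup.force_encoding(Encoding::UTF_16LE).encode(Encoding::UTF_8)
  decoded.start_with?('"') && decoded.end_with?('"')
rescue EncodingError
  false
end
```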
Answer 2:
I just found out there is already a password generation function included in Net::LDAP!

    Net::LDAP::Password.generate(:md5, 'yourPlaintextPass')

Documentation here
Source: https://stackoverflow.com/questions/24708113/net-ldap-create-user-with-password