net-ldap create user with password

Published 2019-06-27 20:07

Question:

I am trying to create an AD account with a password already set using the net-ldap gem. I am able to connect to the server fine, and I am also able to add a new user without passing the :unicodepwd attribute; however, when the new user is created there is no password set. When I do pass that attribute the user is not created and it fails with error code 53 and the message "Unwilling to perform". I also get the same error if I try to replace the password of the user after I have created it. I've come across many potential answers but none of them have worked for me.

def initialize
  @client = Net::LDAP.new
  @client.host = server_ip
  @client.base = base
  @client.port = 389
  @client.auth(username, password)

  if @client.bind
    puts "Connected"
    add("TEST", "JEST", "testjest")
  else
    puts "Not Connected"
    display_error
  end
end

def add(first_name, last_name, username)
  dn = dn_value

  attrs = {
    :objectclass => ["top", "person", "organizationalPerson", "user"],
    :cn => fullname(first_name, last_name),
    :sn => last_name.capitalize,
    :givenname => first_name.capitalize,
    :displayname => fullname(first_name, last_name),
    :name => fullname(first_name, last_name),
    :samaccountname => username,
    # this is the attribute that makes the add fail with error 53 (see question text)
    :unicodePwd => '"password"'.encode("utf-16")
  }
  @client.add(:dn => dn, :attributes => attrs)

  if @client.get_operation_result.code != 0
    puts "Failed to add user #{fullname(first_name, last_name)}"
    display_error
  else
    puts "Added user #{fullname(first_name, last_name)}"
  end
end

How would I set a password for the user when I create the user, and not have to access it through the GUI in order to update the password? Any help is appreciated.

Thanks

UPDATE

I was able to get this to work once I encoded the string in a different way and connected to the SSL port 636 rather than the default port 389. Using encode was the issue; it seems it was incorrectly encoding the password.

This is my new connection:

@client = Net::LDAP.new
@client.host = server_ip
@client.base = base
@client.port = 636
@client.encryption(:method => :simple_tls)
@client.auth(username, password)

And the method which I used to encode the password:

def encode_passwd(string)
  newstring = ""
  # wrap the password in double quotes, then follow every character with a NUL byte
  string = "\"" + string + "\""
  string.split("").each do |c|
    newstring = "#{newstring}#{c}\000"
  end
  return newstring
end

Hope this helps someone in the future.

Answer 1:

Net::LDAP::Password.generate does not work with Active Directory. The :unicodePwd LDAP entry attribute (in net-ldap gem parlance) has to be encoded like this:

unicodepwd = "\"#{plain_text_password}\"".encode(Encoding::UTF_16LE).force_encoding(Encoding::ASCII_8BIT)

See details about the encoding here: https://msdn.microsoft.com/en-us/library/cc223248.aspx
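As an added example (not code from the question or from either answer), the following plain Ruby script works through the encoding point made in this answer and in the question's update, and the transport point from the update, without depending on the net-ldap gem. It produces the three byte sequences the thread discusses (Ruby's "utf-16" with BOM, the manual NUL-padding method, and UTF-16LE as Active Directory expects), decodes a value the way the server would see it so a password can be checked before it is sent, and checks that a connection-option hash uses TLS, since AD rejects unicodePwd over a cleartext bind. The function names and the sample passwords are my own:

```ruby
# Added example: building and checking a unicodePwd value for Active Directory.
# Standard library only; the net-ldap gem is not required.

# What AD expects: the new password wrapped in double quotes, encoded as
# UTF-16LE with no byte-order mark, and sent as raw octets (binary string).
def ad_unicode_pwd(plain)
  "\"#{plain}\"".encode(Encoding::UTF_16LE).force_encoding(Encoding::ASCII_8BIT)
end

# What the question's original attribute produced: Ruby's "utf-16" encoding
# is big-endian with a BOM, so the value starts with FE FF and every
# character has its two bytes in the opposite order from what AD wants.
def utf16_with_bom(plain)
  "\"#{plain}\"".encode("utf-16").force_encoding(Encoding::ASCII_8BIT)
end

# The manual encoder from the question's update: a NUL after each character.
# This equals UTF-16LE only while the password is pure ASCII; a multi-byte
# UTF-8 character such as "ü" is copied as-is and the result is not UTF-16.
def manual_null_padded(plain)
  "\"#{plain}\"".each_char.map { |c| "#{c}\000" }.join.force_encoding(Encoding::ASCII_8BIT)
end

# Decode an attribute value the way the server will read it. Returns the
# plaintext password, or nil if the octets are not valid quoted UTF-16LE.
def decode_unicode_pwd(octets)
  s = octets.dup.force_encoding(Encoding::UTF_16LE)
  return nil unless s.valid_encoding?
  quote = '"'.encode(Encoding::UTF_16LE)
  return nil unless s.length >= 2 && s.start_with?(quote) && s.end_with?(quote)
  s[1..-2].encode(Encoding::UTF_8)
rescue EncodingError
  nil
end

# AD only accepts unicodePwd over an encrypted connection; the update switched
# to port 636 with simple TLS for that reason. This checks a net-ldap style
# option hash (encryption: :simple_tls or encryption: { method: ... })
# before any bind is attempted, so a cleartext attempt fails client-side.
def password_change_transport_ok?(opts)
  enc = opts[:encryption]
  method = enc.is_a?(Hash) ? enc[:method] : enc
  [:simple_tls, :start_tls].include?(method)
end

def hex(octets)
  octets.unpack1("H*")
end

if $PROGRAM_NAME == __FILE__
  sample = "Pa$$wörd"   # constructed sample password, not a real credential
  puts "UTF-16LE (correct):  #{hex(ad_unicode_pwd(sample))}"
  puts "utf-16 with BOM:     #{hex(utf16_with_bom(sample))}"
  puts "manual NUL padding:  #{hex(manual_null_padded(sample))}"
  puts "decoded round trip:  #{decode_unicode_pwd(ad_unicode_pwd(sample)).inspect}"
  puts "decoded BOM value:   #{decode_unicode_pwd(utf16_with_bom(sample)).inspect}"
  puts "TLS on 636 ok?       #{password_change_transport_ok?(port: 636, encryption: { method: :simple_tls })}"
  puts "plain 389 ok?        #{password_change_transport_ok?(port: 389)}"
end
```

The comparison shows why the manual encoder happened to work for the asker: for an ASCII-only password its output is byte-for-byte identical to UTF-16LE, while `encode("utf-16")` differs in both byte order and the leading BOM. Using `Encoding::UTF_16LE` directly, as this answer does, is the form that also survives non-ASCII passwords.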



Answer 2:

I just found out there is already a password generation function included in Net::LDAP!

Net::LDAP::Password.generate(:md5, 'yourPlaintextPass')

Documentation here