Changing Active Directory user password in Python 3.x


Problem description


I am trying to make a Python script that will open an LDAP connection to a server running AD, take a search entry (in this case a name), search for that entry and change that user's password to a randomly generated password (as well as set the option to change password on logon) and then send them an automated secure email containing the new temporary password.


So far I have been able to connect to the server, and search for a single DN which returns. The temporary password is being generated, and an email is being sent (although the password is not hashed, and the email is not secure yet). However, I cannot find any information on where to go from here.


I have found "Change windows user password with python", however I see that this does not play well with AD, and the other LDAP in Python documentation I have been finding seems to be outdated from 2.x and no longer works. The documentation for ldap3 (https://media.readthedocs.org/pdf/ldap3/stable/ldap3.pdf) also doesn't seem to really mention anything for it, and exhaustive Googling has been fruitless. I am new to this kind of programming, having only low level or academic knowledge previously, so this has been a bit frustrating, but Python is my strongest language.


----------------EDITED CODE TO CURRENT STATUS-----------------------

import random
import string
import sys

import ldap3

#Takes input for name which will be used for search criterion
zid = input("ZID: ")
zid = str(zid).lower()
print(zid)

#Binds session to the server and opens a connection
#(up to three servers are tried in turn; the script exits if none accepts the bind)
try:
    server = ldap3.Server('ldap://<IP_Address>', get_info=ldap3.ALL)
    conn = ldap3.Connection(server, '%s@something.com' %zid, password = "<something>", auto_bind=True)
    print("Successfully bound to server.\n")
except Exception:
    print("Unsuccessful initialization of <IP_Address>")
    try:
        server = ldap3.Server('ldap://<IP_Address>', get_info=ldap3.ALL)
        conn = ldap3.Connection(server, '%s@something.com' %zid, password = "<something>", auto_bind=True)
        print("Successfully bound to server.\n")
    except Exception:
        print("Unsuccessful initialization of <IP_Address>")
        try:
            server = ldap3.Server('ldap://<IP_Address>', get_info=ldap3.ALL)
            conn = ldap3.Connection(server, '%s@something.com' %zid, password = "<something>", auto_bind=True)
            print("Successfully bound to server.\n")
        except Exception:
            print("Unsuccessful initialization of <IP_Address>")
            #Non-zero exit status so callers can see the failure
            sys.exit(1)

#Searches and prints LDAP entries
try:
    base_dn = 'DC=<something>,DC=<something>,DC=<something>,DC=<something>,DC=com'
    zid_filter = '(sAMAccountName=%s)' %zid
    conn.search(base_dn, zid_filter, attributes=['mail'])

    #i.e. "DN: CN=<First Last>,OU=<something>, DC= <something>"
    user_dn = str(conn.entries)

    #i.e. "CN=<First Last>"
    front = user_dn.find('C')
    back = user_dn.find(',')
    user_cn = user_dn[front:back]

    #i.e. "<First Last>"
    display_name = user_cn[3:]

    #i.e. "first.last@<something>.com"
    raw_email = str(conn.entries)
    front = raw_email.find('mail: ')
    back = raw_email.find('@<something>.com')
    user_email = raw_email[front + 6:back] + '@<something>.com'
except Exception:
    print("Could not search entries")

#Generates random 12 digit alpha-numeric password
try:
    new_password = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(12))
    print(new_password)
    print("New password successfully generated")
except Exception:
    print("New password could not be generated")


#Set and replace AD Password
try:
    conn.extend.microsoft.modify_password(user_dn, None, new_password)
    print ("Active Directory password was set successfully!")
except Exception:
    print('Error setting AD password')
    #Non-zero exit status so callers can see the failure
    sys.exit(1)



Any suggestions on how to get/set the user password and hash the password for security purposes during this whole ordeal? For the email I imagine I can force it to use HTTPS and that would be sufficient, but the connection to the server passing the new_password to I would like to secure.

Recommended answer


ldap3 contains a specific method for changing AD password, just add the following after you generated a new password:

dn = conn.entries[0].entry_get_dn()  # assuming you got back a single entry
conn.extend.microsoft.modify_password(dn, None, new_password)


This should properly encode the password and store it in AD.
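
The whole flow from the question (bind, look up one account, reset its password, force a change at next logon) is sketched below as an added example; it is not code from the original question or answer. It assumes the ldap3 2.x API (`entry_dn`, keyword arguments to `modify_password`) and binds over LDAPS with certificate validation, because AD only accepts `unicodePwd` changes on an encrypted connection. The host, CA file, bind account and the account-name allowlist are hypothetical values chosen for illustration.

```python
import re
import secrets
import ssl
import string

# Assumed naming policy (not from the page): letters, digits, dot, underscore, hyphen.
ACCOUNT_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")

def search_filter(account):
    """Build the sAMAccountName filter, rejecting input that could alter it."""
    if not ACCOUNT_RE.fullmatch(account):
        raise ValueError("unexpected characters in account name")
    return "(sAMAccountName=%s)" % account

def temp_password(length=16):
    """Random password from the OS CSPRNG with upper, lower and digit characters."""
    alphabet = string.ascii_letters + string.digits
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def reset_password(host, ca_file, bind_user, bind_password, base_dn, account):
    """Reset one user's password over LDAPS and force a change at next logon."""
    import ldap3  # imported here so the helpers above work without the package
    tls = ldap3.Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = ldap3.Server(host, use_ssl=True, tls=tls)
    with ldap3.Connection(server, bind_user, bind_password, auto_bind=True) as conn:
        conn.search(base_dn, search_filter(account), attributes=["mail"])
        if len(conn.entries) != 1:
            raise LookupError("expected exactly one entry, got %d" % len(conn.entries))
        entry = conn.entries[0]
        new_password = temp_password()
        # old_password=None is an administrative reset; keywords avoid argument-order mistakes
        if not conn.extend.microsoft.modify_password(
                entry.entry_dn, new_password=new_password, old_password=None):
            raise RuntimeError("password reset failed: %s" % conn.result["description"])
        # pwdLastSet = 0 makes AD require a password change at next logon
        if not conn.modify(entry.entry_dn, {"pwdLastSet": [(ldap3.MODIFY_REPLACE, [0])]}):
            raise RuntimeError("could not set pwdLastSet: %s" % conn.result["description"])
        return entry.mail.value, new_password
```

The function returns the user's mail address and the temporary password so the caller can deliver it; the password is never printed or logged here.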
