2
我試圖用python-ldap從python腳本創建AD中的安全組。python-ldap創建組
我能夠綁定我有足夠權限執行此操作的用戶(通過從ADExplorer gui客戶端創建組進行確認)並搜索域,但是在添加新組時它會失敗:
ldap.INSUFFICIENT_ACCESS:{ '信息': '00000005:SecErr:DSID-03152492,問題4003(INSUFF_ACCESS_RIGHTS),數據0 \ n', '降序': '訪問不足'}
這是腳本:
import ldap
import ldap.modlist as modlist
server = 'hidden'
user_dn = 'hidden'
user_pw = 'hidden'
fs_dn = 'ou=fssecuritygroups,ou=tkogroups,ou=tokyo,dc=unit,dc=xyz,dc=intra'
l = ldap.initialize("ldaps://"+server)
l.bind_s(user_dn, user_pw)
groupname = 'mytestfs'
attr = {}
attr['objectClass'] = ['group','top']
attr['groupType'] = '-2147483646'
attr['cn'] = groupname
attr['name'] = groupname
attr['sAMAccountName'] = groupname
ldif = modlist.addModlist(attr)
print(l.add_s(fs_dn,ldif))