0

I have an error when I try to create a new user in my active directory with python ldap. The connection to the server works since the search function works. Here is my code, I apologize in advance if several elements are mixed up, I have tried a lot of things since different tutorial:

    import ldap
    import ldap.modlist as modlist


    ldap_client = ldap.initialize('ldap://serverName')
    ldap_client.set_option(ldap.OPT_REFERRALS, 0)
    ldap_client.simple_bind_s('root@domain', 'password')
    baseDN = "OU=ou_where_create,OU=users,OU=tree_of_ou,OU=FIM,DC=domain,DC=LAN"
    sam = 'TTEST'
    cn = "TEST Toto"
    sn = "TEST"
    givenname = "Toto"
    mail = "TTEST"
    userPrincipalName = '[email protected]'
    name = "TEST Toto"
    displayName = "TEST Toto"
    # user_dn = 'CN=' + sn + ' ' + givenname + ',' + baseDN
    user_dn = "CN=TOTOTest,OU=ou_where_create,OU=users,OU=tree_of_ou,OU=FIM,DC=domain,DC=LAN"

    user_attrs = {}
    user_attrs['objectclass'] = [b'top', b'person', b'organizationalPerson', b'user']
    user_attrs['cn'] = [b'cn']
    user_attrs['givenName'] = [b'givenname']
    user_attrs['sn'] = [b'sn']
    user_attrs['displayName'] = [b'displayName']
    user_attrs['mail'] = [b'mail']
    user_attrs['userPrincipalName'] = [b'userPrincipalName']
    user_attrs['sAMAccountname'] = [b'sam']
    user_attrs['name'] = [b'name']
    user_ldif = modlist.addModlist(user_attrs)

    ldap_client.add_s(user_dn, user_ldif)

this code gives me the error:

ldap.INVALID_DN_SYNTAX: {'msgtype': 105, 'msgid': 2, 'result': 34, 'desc': 'Invalid DN syntax', 'ctrls': [], 'info': "00002081: NameErr: DSID-03050C55, problem 2003 (BAD_ATT_SYNTAX), data 0, best match of:\n\t'CN=TOTO Test,OU=ou_where_create,OU=users,OU=tree_of_ou,OU=FIM,DC=domain,DC=LAN'\n"}

I tried with other syntax for my attributes, without list [], without byte but with .encode(utf8)... but the error is no longer the same. The problem must come from my user_dn but I don't see what. Thanking you in advance for any help or clarification you can provide. regards,

Improve this question
4
  • Does the DN syntax you're using match the DN of the existing objects in the same OU? (everything after the CN= part should be exactly the same. Commented Jun 27, 2022 at 15:51
  • thank you for your attention to my problem. Yes the whole tree after the CN exists except the name of the user I want to create (toto test). If I create the user manually in the ad and relaunch my script, it tells me that it already exists, I deduce that the path is correct. Commented Jun 28, 2022 at 6:26
  • I don't know if this is the issue, but try not setting the name attribute. It will get set from the value in cn. Commented Jun 28, 2022 at 11:50
  • I just tried without the name attribute but I got the same error, invalid DN syntax and if I put an existing account name in the cn, I got the error already exists. I look with ldap3 suddenly, for the moment I manage to create a user. It's on the search and the behavior in case of an already existing user that I'm struggling but as it seems to work I'll probably start on that. Thanks again Commented Jun 28, 2022 at 14:19
Related questions
2
ldap raises an UNWILLING TO PERFORM error
0
Python. Active_directory. Create user
6
Python LDAP and Active Directory issue
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.