noirello/bonsai

userPassword not being set

Wolfhound905 opened this issue · 1 comments

I have created an async connection and am doing the following:

    new_student = LDAPEntry(
        f"CN={user.first_name} {last_name},OU=Students,OU=Users,OU=School District,DC=example,DC=k12,DC=us",
    )
    new_student["objectClass"] = ["top", "person", "organizationalPerson", "user"]
    new_student["cn"] = f"{user.first_name} {last_name}"
    new_student["sn"] = user.last_name
    new_student["givenName"] = user.first_name
    new_student["displayName"] = f"{user.first_name} {user.last_name}"
    new_student["description"] = description
    new_student["sAMAccountName"] = username
    new_student["userPrincipalName"] = email
    new_student["userAccountControl"] = "65536"
    new_student["uid"] = user.oc_id
    new_student["extensionAttribute1"] = "/School District/Students"
    new_student["userPassword"] = "VerySecurePassword123!"
    
    user = await session.add(new_student)

The user is being created and no errors are returned. But when trying to log into the account, the password is wrong. It seems that the password is just never being set, as I am able to just log in with no password.

I am using "SIMPLE" auth mech.

Please let me know what I may be doing wrong, or if this is a library issue.

I fixed this by setting the "unicodePwd" attribute and using GSSAPI for auth.

Here is the function if anyone is interested.

    def encode_password(password: str):
        """Encodes a password to be set for an AD account via the LDAP protocol.
        Surrounds password in quotes and encodes with 'utf-16-le' as is required when setting the
        password of the computer account.
        """
        quoted_pw = '"' + password + '"'
        encoded_pw = quoted_pw.encode("utf-16-le")
        return encoded_pw
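
A pre-flight check for the attribute set before it is handed to `session.add`, as an added example that is not part of the issue thread or of bonsai. `review_new_user`, `UAC`, `ISSUE_ATTRS` and `FIXED_ATTRS` are hypothetical names, and the example goes beyond the thread by also decoding `userAccountControl`, using the flag values Microsoft documents.

```python
from enum import IntFlag
from typing import Dict, List


class UAC(IntFlag):
    """Subset of the documented Active Directory userAccountControl bits."""
    ACCOUNTDISABLE = 0x0002
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000


def encode_unicode_pwd(password: str) -> bytes:
    """Quote the password and encode it as UTF-16-LE, the form unicodePwd takes."""
    return ('"' + password + '"').encode("utf-16-le")


def review_new_user(attrs: Dict[str, object]) -> List[str]:
    """Return findings for a new-user attribute set (hypothetical helper)."""
    findings = []
    pwd = attrs.get("unicodePwd")
    if pwd is None:
        if "userPassword" in attrs:
            findings.append("password is in userPassword, not unicodePwd")
        else:
            findings.append("no password attribute present")
    elif not isinstance(pwd, bytes):
        findings.append("unicodePwd must be bytes, not str")
    else:
        try:
            text = pwd.decode("utf-16-le")
        except UnicodeDecodeError:  # e.g. odd byte count from a wrong codec
            text = ""
        if len(text) < 3 or text[0] != '"' or text[-1] != '"':
            findings.append("unicodePwd is not a quoted UTF-16-LE string")
    uac = UAC(int(attrs.get("userAccountControl", 0)))
    if UAC.PASSWD_NOTREQD in uac:
        findings.append("PASSWD_NOTREQD is set: no password required")
    if UAC.DONT_EXPIRE_PASSWORD in uac:
        findings.append("DONT_EXPIRE_PASSWORD is set: password never expires")
    return findings


# Constructed inputs: the first mirrors the issue's entry, the second the fix.
ISSUE_ATTRS = {"userAccountControl": "65536",
               "userPassword": "VerySecurePassword123!"}
FIXED_ATTRS = {"userAccountControl": "512",
               "unicodePwd": encode_unicode_pwd("Constructed-Example-Pw1!")}
```

Run `review_new_user` on the dictionary of attributes before copying them into the `LDAPEntry`; an empty list means none of these checks fired.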