Skip to content Skip to sidebar Skip to footer
Home / Ldap / Python

Enable/disable Account Programmatically Using Python Ldap Module?

Post a Comment
I would like to programmatically enable/disable LDAP user accounts. From the command prompt I can use dsutil and this apparently sets/removes the nsAccountLock operational attribu

Solution 1:

You should use the attribute 'userAccountControl' which contains a set of control bits.

If you are managing normal users, to enable user:

userAccountControl = 512

and to disable it:

userAccountControl = 514

Generally, if you want to enable/disable an existing user, you should retrieve current value and update it this way.

userADAccountControlFlag = 2userAccountControl = user.userAccountControl

# To enable user:userAccountControl = userAccountControl & ~userADAccountControlFlag # (& bit-wise AND, ~ bit-wise Negate)# To disable user:userAccountControl = userAccountControl | userADAccountControlFlag # (| bit-wise OR)user.userAccountControl = userAccountControl

# Then update user on ldap server

you can find more about userAccountControl attribute here: http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm

Post a Comment for "Enable/disable Account Programmatically Using Python Ldap Module?"