Re: Change user membership

[Oleg P. <o....@dp...>]

Thu, Sep 29, 2005 at 02:55:07PM +0200, pyt...@li...urce=
forge.net =CE=C1=D0=C9=D3=C1=CC:
> I want to move user Tester from TestGroup1 to TestGroup2 in Active=20
> Directory with py-24-ldap2-2.0.7, python-2.4.1.
> I can not guess how I can do this.
> With modify_s?
   I tryed following variant, sorry for a huge code posting:

import ldap,sys,re

class ADS_if:
      .....
      def open_connection(self):
          try:
             ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_=
NEVER)
             ldap.set_option(ldap.OPT_REFERRALS, 0)
             self.ldap_h =3D ldap.initialize("ldaps://%s"%self.server)
             self.ldap_h.simple_bind_s(self.user, self.password)
          except ldap.LDAPError, error_message:
             print >> sys.stderr, "Couldn't Connect to %s@%s. %s " % (err=
or_message, self.user, self.server)
             sys.exit(1)

      def getDN(self, user, enc=3D'koi8-r'):
          self.open_connection()
          user =3D unicode(user, enc)

          filter =3D "sAMAccountName=3D%s"%user.encode('utf-8')
          count =3D 0
          result_set =3D []
          result_id =3D self.ldap_h.search(self.base, self.scope, filter,=
 self.retrieve_attributes)
          i =3D 0
          result_type, result_data =3D self.ldap_h.result(result_id, self=
.timeout)
          if result_type =3D=3D ldap.RES_SEARCH_ENTRY:
             result_set.append(result_data)
          if len(result_set)=3D=3D0:
             print 'No such user: %s'%user
             return []
          else:
             return unicode(result_set[0][0][0],'utf-8')
=20
      def delUserFromGroup(self, user, group, enc=3D'koi8-u'):
          userDN=3Dself.getDN(user, enc)
          groupDN=3Dself.getDN(group, enc)
          print 'dn=3D"%s"'%userDN.encode(enc)
          print 'group=3D"%s"'%groupDN.encode(enc)
          self.ldap_h.modify_s(userDN.encode('utf-8'), [(ldap.MOD_DELETE,=
'memberOf',groupDN.encode('utf-8'))])    =20

>>> from ADS import ADS_if
>>> lh =3D ADS_if()
>>> lh.delUserFromGroup('spd.student','For_install')
dn=3D"CN=3D=F3=D4=D5=C4=C5=CE=D4 =F3=F0=E4,OU=3D=B6=F3=E3=ED=F0=E4,OU=3D=B6=
=F3=E3,DC=3Ddp,DC=3Duz,DC=3Dgov,DC=3Dua"
group=3D"CN=3DFor_install,CN=3DUsers,DC=3Ddp,DC=3Duz,DC=3Dgov,DC=3Dua"
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "ADS.py", line 136, in delUserFromGroup
    self.ldap_h.modify_s(userDN.encode('utf-8'), [(ldap.MOD_DELETE,'membe=
rOf',groupDN.encode('utf-8'))])
.............
ldap.UNWILLING_TO_PERFORM: {'info': '0000209A: SvcErr: DSID-031A0983, pro=
blem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to =
perform'}

am I in a right way :) ?
and how can I fix my program to avoid this error?

Thanks for any help.

--=20
Best regards,
Palij Oleg, ISC (Pridn railway)=20
xmpp://ma...@ja...