Gil Ribeiro

Reputation: 1

How to activate a user after creating one with LDAP.JS/LDAP.TS?

I'm using LDAP.TS to automate user creation from GLPI (that doesn't matter for this story). After I create the user, the account is disabled. From my research, the property I need to pass when creating the user is userAccountControl. But if I pass this value, I receive the following error: 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0. Is there an option in Active Directory that doesn't allow the bind of this property?

User Example

const user = {
        accountExpires: '9223372036854775807',
        cn: 'Francine Vidal De Souza',
        company: 'Tecverde',
        department: 'Diretoria Administrativo Financeira',
        description: '55. Diretoria Administrativo Financeira',
        displayName: 'Francine Vidal De Souza',
        distinguishedName: 'CN=Francine Vidal De Souza, OU=USUARIOS,OU=TECVERDE,DC=tecverde,DC=local',
        givenName: 'Francine Vidal',
        instanceType: '4',
        mail: '[email protected]',
        manager: 'CN=Ronaldo Passeri,OU=USUARIOS,OU=TECVERDE,DC=tecverde,DC=local',
        name: 'Francine Vidal De Souza',
        objectClass: [ 'top', 'person', 'organizationalPerson', 'user' ],
        physicalDeliveryOfficeName: 'Diretoria Administrativo Financeira',
        sn: 'De Souza',
        title: 'Cfo',
        userPrincipalName: '[email protected]',
        sAMAccountName: 'francine.vidal',
        userPassword: '*****',
        userAccountControl: `66048`,
        objectCategory: 'CN=Person,CN=Schema,CN=Configuration,DC=tecverde,DC=local'
    }

I just need the users to be enabled directly when ldapts creates them, so that I don't need to go to AD to activate the users.

Upvotes: 0

Views: 142

Answers (1)

Gabriel Luci

Reputation: 40958

Are you using LDAPS (LDAP over SSL on port 636)? The connection must be encrypted to set the password. The account will usually be disabled by default if it doesn't have a password, and you will get an "unwilling to perform" error if you try to set the password over an unencrypted connection, or try to enable an account that doesn't have a password.

The userPassword attribute may not work for setting the password. The actual attribute for setting the password is unicodePwd, but it takes a specific format. This function will do it for you (taken from here):

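function encodePassword(password) {
    // AD expects unicodePwd as the password in double quotes, encoded as UTF-16LE.
    // Buffer.from() replaces the deprecated new Buffer() constructor; the
    // .toString() round trip preserves the bytes only for ASCII passwords.
    return Buffer.from('"' + password + '"', 'utf16le').toString();
}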

So instead of this line:

userPassword: '*****',

use this:

unicodePwd: encodePassword('*****'),

Upvotes: 0
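
An added example, not part of the answer above or of ldapts: a pre-flight check for the three conditions the answer names (encrypted connection, `unicodePwd` instead of `userPassword`, no enabling without a password), plus a decoder for the question's `userAccountControl` value. The helper names, the `dc.example.test` host and the sample entry are constructed, and the check assumes only `ldaps://` URLs count as encrypted.

```javascript
// Added example: pre-flight checks before creating an enabled AD user over LDAP.
// Flag values are Active Directory's documented userAccountControl bits.
const UAC = {
  ACCOUNTDISABLE: 0x0002,
  PASSWD_NOTREQD: 0x0020,
  NORMAL_ACCOUNT: 0x0200,
  DONT_EXPIRE_PASSWORD: 0x10000,
};

// unicodePwd is the password wrapped in double quotes, encoded as UTF-16LE.
// Returning the Buffer keeps the bytes exact for any character.
function encodeUnicodePwd(password) {
  return Buffer.from('"' + password + '"', 'utf16le');
}

// True when a Buffer -> string -> Buffer round trip (default UTF-8) keeps the
// bytes intact; this holds only while every character is ASCII.
function survivesStringRoundTrip(password) {
  const raw = encodeUnicodePwd(password);
  return Buffer.from(raw.toString(), 'utf8').equals(raw);
}

// Names of the known flags set in a userAccountControl value.
function decodeUac(value) {
  const n = Number(value);
  return Object.keys(UAC).filter((name) => (n & UAC[name]) !== 0);
}

// Returns reasons why AD is likely to answer "unwilling to perform"
// (hypothetical helper; url is the connection URL handed to the LDAP client).
function preflight(url, entry) {
  const problems = [];
  const flags = decodeUac(entry.userAccountControl);
  // An enabled account needs a password unless PASSWD_NOTREQD is set.
  const needsPassword = !flags.includes('ACCOUNTDISABLE') && !flags.includes('PASSWD_NOTREQD');
  if (entry.unicodePwd === undefined) {
    if (needsPassword) problems.push('enabling an account that has no unicodePwd');
    if (entry.userPassword !== undefined) problems.push('userPassword is set instead of unicodePwd');
  } else if (!/^ldaps:\/\//i.test(url)) {
    problems.push('unicodePwd sent over an unencrypted connection');
  }
  return problems;
}

// Constructed sample input mirroring the question's entry.
const sample = { sAMAccountName: 'francine.vidal', userPassword: '*****', userAccountControl: '66048' };
console.log(decodeUac(sample.userAccountControl), preflight('ldap://dc.example.test', sample));
```
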
