Nello wrote: > I need to create an Active Directory user using python-ldap library. So, I > authenticate with an admin account and I use "add_s" to create the user.
This is possible. Which version of AD are you working with. > Anyway, by default users are disabled on creation, That's the correct way of doing this. > and I can not set > userAccountControl to swith off the flag ACCOUNTDISABLE, i.e. setting > userAccountControl with 512 (NORMAL_ACCOUNT) value. This should be possible. Make sure you really bind as the admin and you have sufficient access rights. Check your code. I'd suggest to set trace_level when calling ldap.initialize() to observe what gets passed to python-ldap in which order. http://www.python-ldap.org/doc/html/ldap.html#ldap.initialize > Same thing if - as someone suggests - I create the user without a > password and try to set userAccountCreation later. Passwords are different anyway since you have to set the unicodePwd attribute. I never tried to do this with a single write operation though. You can try my web2ldap which does all this also with MS AD. It has a special plugin class for attribute userAccountControl which lets you set values bit-wise when modifying an user entry. And setting password automagically switches to setting unicodePwd when working with MS AD. Ciao, Michael. -- http://mail.python.org/mailman/listinfo/python-list