Geert Jansen geert at
Thu Dec 6 20:04:01 CET 2007

Roland Hedberg wrote:

> On the topic python-ldap <-> AD:
> My problem is that I can add an entry using the User object class and
> attributes contained in that class without any problems.
> But when I try to add the samAccountName attribute and thereby the
> object class SecurityPrincipal the server complains.

I am not 100% sure whether this is the same issue, but I have noticed
that you cannot create a security principal in AD without a valid
password. But because you can only set the password once the principal
is created, this is a cyclical dependency. You can get out of this by
creating the account in the disabled state (by setting the appropriate
flag in userAccountControl), then setting the password, and then
enabling it.

On a related note, you may be interested in my current project
Python-AD: The code is ready for
use and I will make the first release in a couple of days. At the moment
the code is available through Mercurial.

I have a working example script for creating a user with Python-AD here: The example sets
sAMAccountName and it works flawlessly.
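
The create-disabled, set-password, enable sequence described in the message above, as an added example written against python-ldap's add_s/modify_s calls (it is not part of the original message and is not Python-AD code). The function names, the DN and the password are constructed for illustration; the userAccountControl values are the standard AD flags NORMAL_ACCOUNT (0x200) and ACCOUNTDISABLE (0x2).

```python
# Added example: plans the three-step AD account creation described above.
# Helper names are hypothetical; sample values below are constructed.
MOD_REPLACE = 2             # same value as ldap.MOD_REPLACE in python-ldap
UF_ACCOUNTDISABLE = 0x0002  # userAccountControl bit: account disabled
UF_NORMAL_ACCOUNT = 0x0200  # userAccountControl bit: ordinary user account


def encode_unicode_pwd(password):
    """AD expects unicodePwd as the password in double quotes, UTF-16LE encoded."""
    return ('"%s"' % password).encode("utf-16-le")


def plan_user_creation(dn, sam_account_name, password):
    """Return the ordered LDAP operations: add disabled, set password, enable."""
    disabled = str(UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE).encode("ascii")
    enabled = str(UF_NORMAL_ACCOUNT).encode("ascii")
    add_attrs = [
        ("objectClass", [b"top", b"person", b"organizationalPerson", b"user"]),
        ("sAMAccountName", [sam_account_name.encode("utf-8")]),
        ("userAccountControl", [disabled]),
    ]
    return [
        ("add", dn, add_attrs),
        ("modify", dn, [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(password)])]),
        ("modify", dn, [(MOD_REPLACE, "userAccountControl", [enabled])]),
    ]


def apply_plan(conn, plan):
    """Run the plan on a bound python-ldap connection (LDAPS or StartTLS;
    AD rejects unicodePwd writes on an unencrypted connection)."""
    for op, dn, modlist in plan:
        if op == "add":
            conn.add_s(dn, modlist)
        else:
            conn.modify_s(dn, modlist)
    # If a step after the add raises, the account is left disabled rather
    # than enabled without the intended password.


if __name__ == "__main__":
    # Constructed sample values, not from the original post.
    for step in plan_user_creation("CN=Test User,CN=Users,DC=example,DC=com",
                                   "testuser", "Constructed-Passw0rd!"):
        print(step)
```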

