[python-ldap] Adding members to a group in AD

Russell Jackson raj at csub.edu
Sun Aug 28 21:52:35 CEST 2011


On 08/28/2011 06:43 AM, Patrick Fitzgerald wrote:
> Hi Everyone,
>
> I am using python-ldap with Active Directory (2003) to populate an OU called "people" with
> client contacts. This works well. Now I need to add these contacts to a (distribution)
> group called 'clients'.
>
> Problem is - I can add one member and one only before I get the error:
>
> UNWILLING_TO_PERFORM at /company/contact/34480/
> {'info': '00000057: LdapErr: DSID-0C090A85, comment: Error in attribute conversion
> operation, data 0, vece', 'desc': 'Server is unwilling to perform'}
>
> I am trying to append the new contact to the members list of the group. My relevant code is:
>
> ContactDN = member to add to group
> SearchDN ='OU=Global Distribution Groups,OU=department,DC=example,dc=com'
>
> DN = 'cn=myClients,ou=Global Distribution Groups,OU=department,dc=example,dc=com'
>
> result_id = l.search(SearchDN,ldap.SCOPE_SUBTREE,'(cn=myClients)',['member']) # get members of the group
> result_data=l.result(result_id,0)
>
> old = result_data[1][0][1] # extract the relevant attribute
>
> if len(old)>0: # group has members
>     attrs = old
>     attrs['member'].append(ContactDN)
> else: # group has no members
>     attrs={}
>     attrs['member']=[ContactDN]
> ldif = modlist.modifyModlist(old,attrs)
> l.modify_s(DN,ldif)
>
> I am puzzled as to how I am allowed to add the first but not subsequent members to the
> group. As a bit of a newbie to ldap, all and any advice is welcome!

modifyModlist() is a bit ham-fisted in that it just does a replace rather than figure out
what to add and delete. I'm not sure if this is the problem or not, but try building your
modlist by hand.


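import sys

import ldap
import ldif

# `conn` is an already-bound connection, e.g. from ldap.initialize().
group_dn, entry = conn.search_s('dc=domain', ldap.SCOPE_SUBTREE, '''
(&
   (objectClass=group)
   (cn=some_group)
)
'''.strip())[0]

member_dn_list = [
   'cn=foo,ou=people,dc=domain',
   'cn=bar,ou=people,dc=domain',
   'cn=baz,ou=people,dc=domain',
]
# Add only the DNs that are not members yet. Values are encoded because
# python-ldap 3.x handles attribute values as bytes. The loop variable is
# not called `dn`: on Python 2 it would leak out of the list comprehension
# and replace the group's DN.
modlist = [
   (ldap.MOD_ADD, 'member', [
     member_dn.encode('utf-8')
     for member_dn in member_dn_list
     if member_dn.encode('utf-8') not in entry.get('member', [])
   ])
]

# Print the change as LDIF, then apply it.
ldif.LDIFWriter(sys.stderr).unparse(group_dn, modlist)
conn.modify_s(group_dn, modlist)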


-- 
Russell A. Jackson <raj at csub.edu>
Network Analyst
California State University, Bakersfield
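
An added example, not part of the message above or of python-ldap: a stand-alone helper that builds the hand-made modlist suggested in the reply, going beyond the thread's add-only case to cover removals, duplicate input and case differences between DNs. The name `member_modlist`, its parameters and the sample DNs are assumptions for illustration, and DN comparison is simplified to a case-insensitive string match.

```python
MOD_ADD, MOD_DELETE = 0, 1   # numeric values of ldap.MOD_ADD / ldap.MOD_DELETE


def _text(dn):
    """Return a DN as str, whether it arrived as bytes or str."""
    return dn.decode('utf-8') if isinstance(dn, bytes) else dn


def _key(dn):
    """Comparison key: case-insensitive (a simplification of real DN matching)."""
    return _text(dn).strip().lower()


def member_modlist(current, add=(), remove=(), attr='member'):
    """Build a modlist that touches only the values that actually change.

    current -- values of `attr` as returned by a search (bytes or str)
    add     -- DNs that should be members afterwards
    remove  -- DNs that should no longer be members
    Returns [] when there is nothing to do, so the caller can skip modify_s().
    """
    present = {_key(dn): dn for dn in current}
    to_add, seen = [], set()
    for dn in add:
        key = _key(dn)
        if key not in present and key not in seen:  # skip members and duplicates
            seen.add(key)
            to_add.append(_text(dn).encode('utf-8'))
    # Delete using the spelling the server returned, not the caller's.
    to_del = []
    for dn in remove:
        stored = present.pop(_key(dn), None)
        if stored is not None:
            to_del.append(_text(stored).encode('utf-8'))
    modlist = []
    if to_del:
        modlist.append((MOD_DELETE, attr, to_del))
    if to_add:
        modlist.append((MOD_ADD, attr, to_add))
    return modlist


# Constructed sample data: one existing member, returned by the server as bytes.
current = [b'CN=foo,OU=people,DC=domain']
wanted = ['cn=foo,ou=people,dc=domain', 'cn=bar,ou=people,dc=domain',
          'cn=bar,ou=people,dc=domain']
print(member_modlist(current, add=wanted))
```

Pass the result to `modify_s()` only when it is non-empty.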

