I'm trying to add a user to Active Directory via LDAP using Python 3 with ldap3.
Currently I have this line of code which works and returns true:
conn.add('cn=' + uid + ',cn=Users,dc=example,dc=com', 'user', {'sAMAccountName': uid, 'userPrincipalName': uid,'givenName': fname, 'sn': sname, 'displayName': name, 'mail': uid + '@example.com'})
All this does is simply create a user with the parameters given - great.
I then wanted to assign the user I'm creating to a group, so I added the following to the attribute list (also tried with member instead of memberOf):
'memberOf': ['cn=My Group,cn=Users,dc=example,dc=com']
But this returns false and does not create a user at all.
I assumed I had done something wrong so removed memberOf, ran the first lot of code again to recreate the user. I used the Active Directory Users and Computers tool on my Windows Server to manually add the group to the user. I opened IDLE, set up my connection and ran this (output cut for brevity):
>>> conn.search('dc=example,dc=com', '(objectclass=person)', attributes=['memberOf'])
>>> conn.entries
[...
, DN: CN=username,CN=Users,DC=example,DC=com - STATUS: Read - READ TIME: <snip>
memberOf: CN=My Group,CN=Users,DC=example,DC=com
]
Which other than the capitalised CN and DC was exactly what I had. I tried capitalising mine but it wouldn't work then either. This really puzzled me as I thought I was doing everything right. I've been Googling around and scratching my head for the last hour or two.
tl;dr How do you assign an AD group to an AD user upon creation using Connection.add()?
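
Added example, not part of the original post: in Active Directory, memberOf is a back-link that the directory computes from each group's member attribute, so it cannot be written on the user; membership is changed by modifying the group after the user exists. The sketch below assumes an already-bound ldap3 Connection; create_user_in_group, escape_rdn_value and RecordingConn are hypothetical names, and RecordingConn is a constructed stand-in so the block runs offline. The uid is escaped before it is concatenated into the DN.

```python
try:
    from ldap3 import MODIFY_ADD        # real constant when ldap3 is installed
except ImportError:
    MODIFY_ADD = "MODIFY_ADD"           # same string value ldap3 uses

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def create_user_in_group(conn, uid, attrs, group_dn,
                         base="cn=Users,dc=example,dc=com"):
    """Create the user, then add its DN to the group's `member` attribute."""
    user_dn = "cn=" + escape_rdn_value(uid) + "," + base
    if not conn.add(user_dn, "user", attrs):
        return False, user_dn           # inspect conn.result on a real connection
    # Group membership lives on the group object, not on the user.
    ok = conn.modify(group_dn, {"member": [(MODIFY_ADD, [user_dn])]})
    return bool(ok), user_dn

class RecordingConn:
    """Constructed stand-in for ldap3.Connection that records calls."""
    def __init__(self):
        self.calls = []
    def add(self, dn, object_class=None, attributes=None):
        self.calls.append(("add", dn, object_class, attributes))
        # Mimic the behaviour described in the post: add with memberOf fails.
        return "memberOf" not in (attributes or {})
    def modify(self, dn, changes):
        self.calls.append(("modify", dn, changes))
        return True

if __name__ == "__main__":
    conn = RecordingConn()
    group = "cn=My Group,cn=Users,dc=example,dc=com"
    print(create_user_in_group(conn, "jdoe", {"sAMAccountName": "jdoe"}, group))
    print(conn.calls)
```

ldap3 also ships conn.extend.microsoft.add_members_to_groups(members, groups), which wraps the same modify-the-group operation.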