Python操作AD使用LDAP3(ConnectionResetError: [Errno 104] Connection reset by peer)

问题描述

AD域:Windows Server 2019

Python版本:3.9

LDAP3版本:2.9

报错信息如下:

Traceback (most recent call last):
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 881, in sending
    self.connection.socket.sendall(encoded_message)
  File "/usr/local/Python-3.9.0/lib/python3.9/ssl.py", line 1207, in sendall
    return super().sendall(data, flags)
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/scripts/Sync_Users.py", line 191, in <module>
    print(Sync_Users(Regular_Revision_Password,ServerPool_List,Server_IP,Client_Key,domain,Admin_User,Password).Get_Add_Users())
  File "/scripts/Sync_Users.py", line 93, in __init__
    self.AD_Obj=AD(self.ServerPool_List,domain,Admin_User,Password)
  File "/scripts/Sync_Users.py", line 25, in __init__
    self.conn=Connection(Server_pool, user=Domain + '\\' + UserName, password=Password, authentication=NTLM, auto_bind=True)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 389, in _do_auto_bind
    self.bind(read_server_info=True)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 628, in bind
    response = self.do_ntlm_bind(controls)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 1373, in do_ntlm_bind
    response = self.post_send_single_response(self.send('bindRequest', request, controls))
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 331, in send
    self.sending(ldap_message)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 892, in sending
    raise communication_exception_factory(LDAPSocketSendError, type(e)(str(e)))(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketSendError: socket sending error[Errno 104] Connection reset by peer
[root@kms scripts]#

解决方案

image

AD域中安装证书服务器及IIS服务器即可。

备注:

有时证书服务器安装完毕后,也无法进行连接,需要看颁发证书服务器的域控制器是否将证书颁发成功,如没有颁发成功,需要手工注册。

多域控的环境中,其它服务器因为没有信任该证书服务器,需要将证书服务器添加信任的根颁发证书中。

借鉴资料:

https://ithelp.ithome.com.tw/articles/10229428

2021-6-17 13:40:18

点赞