Python操作AD使用LDAP3（ConnectionResetError: [Errno 104] Connection reset by peer）

2021年6月17日 1995点热度 2人点赞 0条评论

问题描述

AD域：Windows Server 2019

Python版本：3.9

LDAP3版本：2.9

报错信息如下：

Traceback (most recent call last):
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 881, in sending
    self.connection.socket.sendall(encoded_message)
  File "/usr/local/Python-3.9.0/lib/python3.9/ssl.py", line 1207, in sendall
    return super().sendall(data, flags)
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/scripts/Sync_Users.py", line 191, in <module>
    print(Sync_Users(Regular_Revision_Password,ServerPool_List,Server_IP,Client_Key,domain,Admin_User,Password).Get_Add_Users())
  File "/scripts/Sync_Users.py", line 93, in __init__
    self.AD_Obj=AD(self.ServerPool_List,domain,Admin_User,Password)
  File "/scripts/Sync_Users.py", line 25, in __init__
    self.conn=Connection(Server_pool, user=Domain + '\\' + UserName, password=Password, authentication=NTLM, auto_bind=True)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 389, in _do_auto_bind
    self.bind(read_server_info=True)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 628, in bind
    response = self.do_ntlm_bind(controls)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 1373, in do_ntlm_bind
    response = self.post_send_single_response(self.send('bindRequest', request, controls))
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 331, in send
    self.sending(ldap_message)
  File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 892, in sending
    raise communication_exception_factory(LDAPSocketSendError, type(e)(str(e)))(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketSendError: socket sending error[Errno 104] Connection reset by peer
[root@kms scripts]#

Traceback (most recent call last):

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 881, in sending

self.connection.socket.sendall(encoded_message)

File "/usr/local/Python-3.9.0/lib/python3.9/ssl.py", line 1207, in sendall

return super().sendall(data, flags)

ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):

File "/scripts/Sync_Users.py", line 191, in <module>

print(Sync_Users(Regular_Revision_Password,ServerPool_List,Server_IP,Client_Key,domain,Admin_User,Password).Get_Add_Users())

File "/scripts/Sync_Users.py", line 93, in __init__

self.AD_Obj=AD(self.ServerPool_List,domain,Admin_User,Password)

File "/scripts/Sync_Users.py", line 25, in __init__

self.conn=Connection(Server_pool, user=Domain + '\\' + UserName, password=Password, authentication=NTLM, auto_bind=True)

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 363, in __init__

self._do_auto_bind()

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 389, in _do_auto_bind

self.bind(read_server_info=True)

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 628, in bind

response = self.do_ntlm_bind(controls)

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/core/connection.py", line 1373, in do_ntlm_bind

response = self.post_send_single_response(self.send('bindRequest', request, controls))

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 331, in send

self.sending(ldap_message)

File "/usr/local/Python-3.9.0/lib/python3.9/site-packages/ldap3/strategy/base.py", line 892, in sending

raise communication_exception_factory(LDAPSocketSendError, type(e)(str(e)))(self.connection.last_error)

ldap3.core.exceptions.LDAPSocketSendError: socket sending error[Errno 104] Connection reset by peer

[root@kms scripts]#

解决方案

AD域中安装证书服务器及IIS服务器即可。

备注：

有时证书服务器安装完毕后，也无法进行连接，需要看颁发证书服务器的域控制器是否将证书颁发成功，如没有颁发成功，需要手工注册。

多域控的环境中，其它服务器因为没有信任该证书服务器，需要将证书服务器添加信任的根颁发证书中。

借鉴资料：

https://ithelp.ithome.com.tw/articles/10229428

2021-6-17 13:40:18

本作品采用知识共享署名 4.0 国际许可协议进行许可