您应该使用包含一组控制位的属性userAccountControl".

You should use the attribute 'userAccountControl' which contains a set of control bits.

如果你是管理普通用户，启用用户:

If you are managing normal users, to enable user:

userAccountControl = 512

并禁用它:

userAccountControl = 514

一般来说，如果您想启用/禁用现有用户，您应该检索当前值并以这种方式更新它.

Generally, if you want to enable/disable an existing user, you should retrieve current value and update it this way.

userADAccountControlFlag = 2
userAccountControl = user.userAccountControl

# To enable user:
userAccountControl = userAccountControl & ~userADAccountControlFlag # (& bit-wise AND, ~ bit-wise Negate)

# To disable user:
userAccountControl = userAccountControl | userADAccountControlFlag # (| bit-wise OR)

user.userAccountControl = userAccountControl

# Then update user on ldap server

您可以在此处找到有关 userAccountControl 属性的更多信息:http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm

you can find more about userAccountControl attribute here: http://www.selfadsi.org/ads-attributes/user-userAccountControl.htm