Diffstat (limited to 'examples/LDAP/ldapchpasswd')
-rw-r--r-- | examples/LDAP/ldapchpasswd | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/examples/LDAP/ldapchpasswd b/examples/LDAP/ldapchpasswd
new file mode 100644
index 0000000000..0776d9bed1
--- /dev/null
+++ b/examples/LDAP/ldapchpasswd
@@ -0,0 +1,152 @@
+#!/usr/bin/perl -w
+
+# LDAP to unix password sync script for samba-tng
+# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
+# 2000/12/12 milos@interactivesi.com
+# modified for use with MD5 passwords
+# 2000/12/16 mami@arena.sci.univr.it
+# modified to change lmpassword and ntpassword for samba
+# 2001/01/05 mami@arena.sci.univr.it
+# modified for being also a /bin/passwd replacement
+# 2001/01/29 mami@arena.sci.univr.it
+# now there are two small programs: ldapchpasswd to
+# change password from unix and ldapsync.pl to sync
+# from NT/2000. ldapchpasswd do not need clear password.
+# 2001/01/31 mami@arena.sci.univr.it
+# add server parameter to ldap commands
+# 2001/06/20 mami@arena.sci.univr.it
+# add pwdlastset and shadowlastchange update
+
+$basedn = "ou=Students,dc=univr, dc=it";
+$binddn = "uid=root,dc=univr,dc=it";
+$scope = "sub";
+$server = "my_server";
+
+foreach $arg (@ARGV) {
+ if ($< != 0) {
+ die "Only root can specify parameters\n";
+ } else {
+ if ( ($arg eq '-?') || ($arg eq '--help') ) {
+ print "Usage: $0 [-o] [username]\n";
+ print " -o, --without-old-password do not ask for old password (root only)\n";
+ print " -?, --help show this help message\n";
+ exit (-1);
+ } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
+ $oldpass = 1;
+ } elsif (substr($arg,0) ne '-') {
+ $user = $arg;
+ if (!defined(getpwnam($user))) {
+ die "$0: Unknown user name '$user'\n"; ;
+ }
+ }
+ }
+}
+
+if (!defined($user)) {
+ $user=$ENV{"USER"};
+}
+
+# current user's dn
+my $dn = '';
+
+if ($< == 0) {
+ system "stty -echo";
+ print "LDAP password for root DN: ";
+ chomp($passwd=<STDIN>);
+ print "\n";
+ system "stty echo";
+ # Find dn for user $user binding as root's dn
+ chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`);
+ if ( ($dn eq '') || ($passwd eq '') ) {
+ print "Wrong LDAP password for root DN!\n";
+ exit (-1);
+ }
+} else {
+ if (!defined($oldpass)) {
+ system "stty -echo";
+ print "Old password for user $user: ";
+ chomp($oldpass=<STDIN>);
+ print "\n";
+ system "stty echo";
+
+ # Find path to uid
+ chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`);
+ # Find old password for user $user binding as self
+ chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`);
+
+ if ( ($dn eq '') || ($oldpass eq '') ) {
+ print "Wrong password for user $user!\n";
+ exit (-1);
+ }
+ }
+}
+
+system "stty -echo";
+print "New password for user $user: ";
+chomp($pass=<STDIN>);
+print "\n";
+system "stty echo";
+
+system "stty -echo";
+print "Retype new password for user $user: ";
+chomp($pass2=<STDIN>);
+print "\n";
+system "stty echo";
+
+if ( ($pass ne $pass2) || (length($pass)<1) ) {
+ die "Wrong password!\n";
+} else {
+# MD5 password
+$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
+$bsalt = "\$1\$"; $esalt = "\$";
+$modsalt = $bsalt.$random.$esalt;
+$password = crypt($pass, $modsalt);
+
+# LanManager and NT clear text passwords
+$ntpwd = `/usr/local/sbin/mkntpwd '$pass'`;
+chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
+chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
+
+#$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w $passwd";
+if ($< != 0) {
+ $FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'";
+} else {
+ $FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'";
+}
+
+# Chenge time
+$shadowlastchange=int(time/24/3600);
+$pwdlastset=sprintf('%x',time);
+
+open FILE or die;
+
+print FILE <<EOF;
+dn: $dn
+changetype: modify
+replace: userPassword
+userPassword: {crypt}$password
+-
+changetype: modify
+replace: lmpassword
+lmpassword: $lmpassword
+-
+changetype: modify
+replace: ntpassword
+ntpassword: $ntpassword
+-
+changetype: modify
+replace: shadowlastchange
+shadowlastchange: $shadowlastchange
+-
+changetype: modify
+replace: pwdlastset
+pwdlastset: $pwdlastset
+-
+
+EOF
+close FILE;
+
+}
+
+exit 0;
+
 |
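Review bot: Every secret this script handles — root's LDAP password, the user's old password and the new one — is interpolated into a shell command line (`-w '$passwd'` and `-w '$oldpass'` in the ldapsearch backticks, `mkntpwd '$pass'`, and the `$FILE` pipe opened with the bareword two-arg `open FILE or die;`), so it is readable in the process table by any local user while the child runs, and a password containing a single quote breaks the quoting and hands the remainder to the shell. Keep the secrets out of argv instead: write them to a mode-0600 `File::Temp` file and pass OpenLDAP's `-y $pwfile`, use the list-form pipe `open my $ldif, '|-', '/usr/bin/ldapmodify', '-h', $server, '-D', $dn, '-y', $pwfile or die "ldapmodify: $!";` so no argument passes through a shell, and give the `mkntpwd` call the same treatment (or compute those hashes in-process). The fallback `$user=$ENV{"USER"};` is not validated with `getpwnam` the way the `@ARGV` path is, yet it is spliced into the same command strings and into the LDAP filter `(uid=$user)`; apply the same check there. Separately, `substr($arg,0) ne '-'` yields the whole argument, so only a bare `-` is excluded from being taken as a username — `substr($arg, 0, 1) ne '-'` is what was intended. Adding `use strict;` under the shebang would have caught the undeclared globals (`$passwd`, `$oldpass`, `$FILE`) that make these paths hard to follow.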