From b6bbc39204a4676922099ab78b6c48009266d1bb Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 26 Dec 2001 05:35:40 +0000
Subject: sync with 2.2 (This used to be commit
 aca58b0b72d2eb5024b4d5103fde5b281212d714)

---
 examples/LDAP/ldapchpasswd | 152 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)
 create mode 100644 examples/LDAP/ldapchpasswd

(limited to 'examples/LDAP/ldapchpasswd')

diff --git a/examples/LDAP/ldapchpasswd b/examples/LDAP/ldapchpasswd
new file mode 100644
index 0000000000..0776d9bed1
--- /dev/null
+++ b/examples/LDAP/ldapchpasswd
@@ -0,0 +1,152 @@
+#!/usr/bin/perl -w
+
+# LDAP to unix password sync script for samba-tng
+# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
+# 2000/12/12    milos@interactivesi.com
+#               modified for use with MD5 passwords
+# 2000/12/16	mami@arena.sci.univr.it
+#		modified to change lmpassword and ntpassword for samba
+# 2001/01/05	mami@arena.sci.univr.it
+#		modified for being also a /bin/passwd replacement
+# 2001/01/29	mami@arena.sci.univr.it
+#		now there are two small programs: ldapchpasswd to
+#		change password from unix and ldapsync.pl to sync
+#		from NT/2000. ldapchpasswd do not need clear password.
+# 2001/01/31	mami@arena.sci.univr.it
+#		add server parameter to ldap commands
+# 2001/06/20	mami@arena.sci.univr.it
+#		add pwdlastset and shadowlastchange update
+
+$basedn = "ou=Students,dc=univr, dc=it";
+$binddn = "uid=root,dc=univr,dc=it";
+$scope = "sub";
+$server = "my_server";
+
+foreach $arg (@ARGV) {
+	if ($< != 0) {
+		die "Only root can specify parameters\n";
+	} else {
+		if ( ($arg eq '-?') || ($arg eq '--help') ) {
+			print "Usage: $0 [-o] [username]\n";
+			print "  -o, --without-old-password	do not ask for old password (root only)\n";
+			print "  -?, --help			show this help message\n";
+			exit (-1);
+		} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
+			$oldpass = 1;
+		} elsif (substr($arg,0) ne '-')  {
+			$user = $arg;
+			if (!defined(getpwnam($user))) {
+				die "$0: Unknown user name '$user'\n";	;
+			}
+		}
+	}
+}
+
+if (!defined($user)) {
+	$user=$ENV{"USER"};
+}
+
+# current user's dn
+my $dn = '';
+
+if ($< == 0) {
+	system "stty -echo";
+	print "LDAP password for root DN: ";
+	chomp($passwd=<STDIN>);
+	print "\n";
+	system "stty echo";
+	# Find dn for user $user binding as root's dn
+	chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`);
+	if ( ($dn eq '') || ($passwd eq '') ) {
+		print "Wrong LDAP password for root DN!\n";
+		exit (-1);
+	}
+} else {
+	if (!defined($oldpass)) {
+		system "stty -echo";
+		print "Old password for user $user: ";
+		chomp($oldpass=<STDIN>);
+		print "\n";
+		system "stty echo";
+
+		# Find path to uid
+		chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`);
+		# Find old password for user $user binding as self
+		chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`);
+
+		if ( ($dn eq '') || ($oldpass eq '') ) {
+			print "Wrong password for user $user!\n";
+			exit (-1);
+		}
+	} 
+}
+
+system "stty -echo";
+print "New password for user $user: ";
+chomp($pass=<STDIN>);
+print "\n";
+system "stty echo";
+
+system "stty -echo";
+print "Retype new password for user $user: ";
+chomp($pass2=<STDIN>);
+print "\n";
+system "stty echo";
+
+if ( ($pass ne $pass2) || (length($pass)<1) ) {
+	die "Wrong password!\n";
+} else {
+# MD5 password
+$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
+$bsalt = "\$1\$"; $esalt = "\$";
+$modsalt = $bsalt.$random.$esalt;
+$password = crypt($pass, $modsalt);
+
+# LanManager and NT clear text passwords
+$ntpwd = `/usr/local/sbin/mkntpwd '$pass'`;
+chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
+chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
+
+#$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w $passwd";
+if ($< != 0) {
+        $FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'";
+} else {
+        $FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'";
+}
+
+# Chenge time
+$shadowlastchange=int(time/24/3600);
+$pwdlastset=sprintf('%x',time);
+
+open FILE or die;
+
+print FILE <<EOF;
+dn: $dn
+changetype: modify
+replace: userPassword
+userPassword: {crypt}$password
+-
+changetype: modify
+replace: lmpassword
+lmpassword: $lmpassword
+-
+changetype: modify
+replace: ntpassword
+ntpassword: $ntpassword
+-
+changetype: modify
+replace: shadowlastchange
+shadowlastchange: $shadowlastchange
+-
+changetype: modify
+replace: pwdlastset
+pwdlastset: $pwdlastset
+-
+
+EOF
+close FILE;
+
+}
+
+exit 0;
+
-- 
cgit