summaryrefslogtreecommitdiff
path: root/examples/LDAP/ldapsync.pl
blob: c112bcc34cb7a1585b4ea3c2636b92c92bada125 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#!/usr/bin/perl -w

# LDAP to unix password sync script for samba-tng
# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
# 12/12/2000    milos@interactivesi.com
#               modified for use with MD5 passwords
# 12/16/2000	mami@arena.sci.univr.it
#		modified to change lmpassword and ntpassword for samba
# 05/01/2001	mami@arena.sci.univr.it
#		modified for being also a /bin/passwd replacement
#
# ACHTUNG!!	For servers that support the LDAP Modify password 
#		extended op (e.g. OpenLDAP), see the "ldap password 
#		sync" option in smb.conf(5).  
#

$basedn = "ou=Students,dc=univr, dc=it";
$binddn = "uid=root,dc=univr,dc=it";
$scope = "sub";
$passwd = "mysecret";

foreach $arg (@ARGV) {
	if ($< != 0) {
		die "Only root can specify parameters\n";
	} else {
		if ( ($arg eq '-?') || ($arg eq '--help') ) {
			print "Usage: $0 [-o] [username]\n";
			print "  -o, --without-old-password	do not ask for old password (root only)\n";
			print "  -?, --help			show this help message\n";
			exit (-1);
		} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
			$oldpass = 1;
		} elsif (substr($arg,0) ne '-')  {
			$user = $arg;
			if (!defined(getpwnam($user))) {
				die "$0: Unknown user name '$user'\n";	;
			}
		}
	}
}

if (!defined($user)) {
	$user=$ENV{"USER"};
}

if (!defined($oldpass)) {
	system "stty -echo";
	print "Old password for user $user: ";
	chomp($oldpass=<STDIN>);
	print "\n";
	system "stty echo";

	$ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`;
	$lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword;
	$ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword;

	# Find dn for user $user (maybe check unix password too?)
	$dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`;
	chomp $dn;

	if ($dn eq '') {
		print "Wrong password for user $user!\n";
		exit (-1);
	}
} else {
	# Find dn for user $user
	$dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`;
	chomp $dn;
}

system "stty -echo";
print "New password for user $user: ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";

system "stty -echo";
print "Retype new password for user $user: ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";

if ($pass ne $pass2) {
	die "Wrong password!\n";
} else {
# MD5 password
$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
$bsalt = "\$1\$"; $esalt = "\$";
$modsalt = $bsalt.$random.$esalt;
$password = crypt($pass, $modsalt);

# LanManager and NT clear text passwords
$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`;
chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));

$FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd";

open FILE or die;

print FILE <<EOF;
dn: $dn
changetype: modify
replace: userPassword
userPassword: {crypt}$password
-
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-

EOF
close FILE;

}

exit 0;