|
0
|
1 #!/usr/bin/perl
|
|
|
2 =pod
|
|
|
3 Script to change the LDAP password using the set_password method
|
|
|
4 to proper setting the password policy attributes
|
|
|
5 author: Zbigniew Szmyd (zbigniew.szmyd@linseco.pl)
|
|
|
6 version 1.0 2016-02-22
|
|
|
7 =cut
|
|
|
8
|
|
|
9 use Net::LDAP;
|
|
|
10 use Net::LDAP::Extension::SetPassword;
|
|
|
11 use URI;
|
|
|
12 use utf8;
|
|
|
13 binmode(STDOUT, ':utf8');
|
|
|
14
|
|
|
15 my %PAR = ();
|
|
|
16 if (my $param = shift @ARGV){
|
|
|
17 print "Password change in LDAP\n\n";
|
|
|
18 print "Run script without any parameter and pass the following data:\n";
|
|
|
19 print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n";
|
|
|
20 exit;
|
|
|
21 }
|
|
|
22
|
|
|
23 foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){
|
|
|
24 $PAR{$param} = <>;
|
|
|
25 $PAR{$param} =~ s/\r|\n//g;
|
|
|
26 }
|
|
|
27
|
|
|
28 my @servers = split (/\s+/, $PAR{'uri'});
|
|
|
29 my $active_server = 0;
|
|
|
30
|
|
|
31 my $ldap;
|
|
|
32 while ((my $serwer = shift @servers) && !($active_server)) {
|
|
|
33 my $ldap_uri = URI->new($serwer);
|
|
|
34 if ($ldap_uri->secure) {
|
|
|
35 $ldap = Net::LDAP->new($ldap_uri->as_string,
|
|
|
36 version => 3,
|
|
|
37 verify => 'require',
|
|
|
38 sslversion => 'tlsv1',
|
|
|
39 cafile => $PAR{'ca'});
|
|
|
40 } else {
|
|
|
41 $ldap = Net::LDAP->new($ldap_uri->as_string, version => 3);
|
|
|
42 }
|
|
|
43 $active_server = 1 if ($ldap);
|
|
|
44 }
|
|
|
45
|
|
|
46 if ($active_server) {
|
|
|
47 my $mesg = $ldap->bind($PAR{'binddn'}, password => $PAR{'bindpw'});
|
|
|
48 if ($mesg->code != 0) {
|
|
|
49 print "Cannot login: ". $mesg->error;
|
|
|
50 } else {
|
|
|
51 # Wyszukanie users wg filtra
|
|
|
52 $PAR{'filter'} =~ s/\%login/$PAR{'user'}/;
|
|
|
53 my @search_args = (
|
|
|
54 base => $PAR{'base'},
|
|
|
55 scope => 'sub',
|
|
|
56 filter => $PAR{'filter'},
|
|
|
57 attrs => ['1.1'],
|
|
|
58 );
|
|
|
59 my $result = $ldap->search(@search_args);
|
|
|
60 if ($result->code) {
|
|
|
61 print $result->error;
|
|
|
62 } else {
|
|
|
63 my $count = $result->count;
|
|
|
64 if ($count == 1) {
|
|
|
65 my @users = $result->entries;
|
|
|
66 my $dn = $users[0]->dn();
|
|
|
67 $result = $ldap->bind($dn, password => $PAR{'pass'});
|
|
|
68 if ($result->code){
|
|
|
69 print $result->error;
|
|
|
70 } else {
|
|
|
71 $result = $ldap->set_password(newpasswd => $PAR{'new_pass'});
|
|
|
72 if ($result->code) {
|
|
|
73 print $result->error;
|
|
|
74 } else {
|
|
|
75 print "OK";
|
|
|
76 }
|
|
|
77 }
|
|
|
78 } else {
|
|
|
79 print "User not found in LDAP\n" if $count == 0;
|
|
|
80 print "Found $count users\n";
|
|
|
81 }
|
|
|
82 }
|
|
|
83 }
|
|
|
84 $ldap->unbind();
|
|
|
85 } else {
|
|
|
86 print "Cannot connect to any server";
|
|
|
87 }
|
