Mercurial > hg > rc1
comparison plugins/password/helpers/change_ldap_pass.pl @ 0:1e000243b222
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:50:29 -0500 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:1e000243b222 |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 =pod | |
| 3 Script to change the LDAP password using the set_password method | |
| 4 to proper setting the password policy attributes | |
| 5 author: Zbigniew Szmyd (zbigniew.szmyd@linseco.pl) | |
| 6 version 1.0 2016-02-22 | |
| 7 =cut | |
| 8 | |
| 9 use Net::LDAP; | |
| 10 use Net::LDAP::Extension::SetPassword; | |
| 11 use URI; | |
| 12 use utf8; | |
| 13 binmode(STDOUT, ':utf8'); | |
| 14 | |
| 15 my %PAR = (); | |
| 16 if (my $param = shift @ARGV){ | |
| 17 print "Password change in LDAP\n\n"; | |
| 18 print "Run script without any parameter and pass the following data:\n"; | |
| 19 print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n"; | |
| 20 exit; | |
| 21 } | |
| 22 | |
| 23 foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){ | |
| 24 $PAR{$param} = <>; | |
| 25 $PAR{$param} =~ s/\r|\n//g; | |
| 26 } | |
| 27 | |
| 28 my @servers = split (/\s+/, $PAR{'uri'}); | |
| 29 my $active_server = 0; | |
| 30 | |
| 31 my $ldap; | |
| 32 while ((my $serwer = shift @servers) && !($active_server)) { | |
| 33 my $ldap_uri = URI->new($serwer); | |
| 34 if ($ldap_uri->secure) { | |
| 35 $ldap = Net::LDAP->new($ldap_uri->as_string, | |
| 36 version => 3, | |
| 37 verify => 'require', | |
| 38 sslversion => 'tlsv1', | |
| 39 cafile => $PAR{'ca'}); | |
| 40 } else { | |
| 41 $ldap = Net::LDAP->new($ldap_uri->as_string, version => 3); | |
| 42 } | |
| 43 $active_server = 1 if ($ldap); | |
| 44 } | |
| 45 | |
| 46 if ($active_server) { | |
| 47 my $mesg = $ldap->bind($PAR{'binddn'}, password => $PAR{'bindpw'}); | |
| 48 if ($mesg->code != 0) { | |
| 49 print "Cannot login: ". $mesg->error; | |
| 50 } else { | |
| 51 # Wyszukanie users wg filtra | |
| 52 $PAR{'filter'} =~ s/\%login/$PAR{'user'}/; | |
| 53 my @search_args = ( | |
| 54 base => $PAR{'base'}, | |
| 55 scope => 'sub', | |
| 56 filter => $PAR{'filter'}, | |
| 57 attrs => ['1.1'], | |
| 58 ); | |
| 59 my $result = $ldap->search(@search_args); | |
| 60 if ($result->code) { | |
| 61 print $result->error; | |
| 62 } else { | |
| 63 my $count = $result->count; | |
| 64 if ($count == 1) { | |
| 65 my @users = $result->entries; | |
| 66 my $dn = $users[0]->dn(); | |
| 67 $result = $ldap->bind($dn, password => $PAR{'pass'}); | |
| 68 if ($result->code){ | |
| 69 print $result->error; | |
| 70 } else { | |
| 71 $result = $ldap->set_password(newpasswd => $PAR{'new_pass'}); | |
| 72 if ($result->code) { | |
| 73 print $result->error; | |
| 74 } else { | |
| 75 print "OK"; | |
| 76 } | |
| 77 } | |
| 78 } else { | |
| 79 print "User not found in LDAP\n" if $count == 0; | |
| 80 print "Found $count users\n"; | |
| 81 } | |
| 82 } | |
| 83 } | |
| 84 $ldap->unbind(); | |
| 85 } else { | |
| 86 print "Cannot connect to any server"; | |
| 87 } |