You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
88 lines
2.6 KiB
Perl
88 lines
2.6 KiB
Perl
#!/usr/bin/perl
|
|
=pod
|
|
Script to change the LDAP password using the set_password method
|
|
to proper setting the password policy attributes
|
|
author: Zbigniew Szmyd (zbigniew.szmyd@linseco.pl)
|
|
version 1.0 2016-02-22
|
|
=cut
|
|
|
|
use Net::LDAP;
|
|
use Net::LDAP::Extension::SetPassword;
|
|
use URI;
|
|
use utf8;
|
|
binmode(STDOUT, ':utf8');
|
|
|
|
my %PAR = ();
|
|
if (my $param = shift @ARGV){
|
|
print "Password change in LDAP\n\n";
|
|
print "Run script without any parameter and pass the following data:\n";
|
|
print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n";
|
|
exit;
|
|
}
|
|
|
|
foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){
|
|
$PAR{$param} = <>;
|
|
$PAR{$param} =~ s/\r|\n//g;
|
|
}
|
|
|
|
my @servers = split (/\s+/, $PAR{'uri'});
|
|
my $active_server = 0;
|
|
|
|
my $ldap;
|
|
while ((my $serwer = shift @servers) && !($active_server)) {
|
|
my $ldap_uri = URI->new($serwer);
|
|
if ($ldap_uri->secure) {
|
|
$ldap = Net::LDAP->new($ldap_uri->as_string,
|
|
version => 3,
|
|
verify => 'require',
|
|
sslversion => 'tlsv1',
|
|
cafile => $PAR{'ca'});
|
|
} else {
|
|
$ldap = Net::LDAP->new($ldap_uri->as_string, version => 3);
|
|
}
|
|
$active_server = 1 if ($ldap);
|
|
}
|
|
|
|
if ($active_server) {
|
|
my $mesg = $ldap->bind($PAR{'binddn'}, password => $PAR{'bindpw'});
|
|
if ($mesg->code != 0) {
|
|
print "Cannot login: ". $mesg->error;
|
|
} else {
|
|
# Wyszukanie usera wg filtra
|
|
$PAR{'filter'} =~ s/\%login/$PAR{'user'}/;
|
|
my @search_args = (
|
|
base => $PAR{'base'},
|
|
scope => 'sub',
|
|
filter => $PAR{'filter'},
|
|
attrs => ['1.1'],
|
|
);
|
|
my $result = $ldap->search(@search_args);
|
|
if ($result->code) {
|
|
print $result->error;
|
|
} else {
|
|
my $count = $result->count;
|
|
if ($count == 1) {
|
|
my @users = $result->entries;
|
|
my $dn = $users[0]->dn();
|
|
$result = $ldap->bind($dn, password => $PAR{'pass'});
|
|
if ($result->code){
|
|
print $result->error;
|
|
} else {
|
|
$result = $ldap->set_password(newpasswd => $PAR{'new_pass'});
|
|
if ($result->code) {
|
|
print $result->error;
|
|
} else {
|
|
print "OK";
|
|
}
|
|
}
|
|
} else {
|
|
print "User not found in LDAP\n" if $count == 0;
|
|
print "Found $count users\n";
|
|
}
|
|
}
|
|
}
|
|
$ldap->unbind();
|
|
} else {
|
|
print "Cannot connect to any server";
|
|
}
|