3 # LDAP to unix password sync script for samba
4 # $Id: smbldap-passwd.pl,v 1.1.2.1 2002/06/04 22:25:39 jerry Exp $
6 # This code was developed by IDEALX (http://IDEALX.org/) and
7 # contributors (their names can be found in the CONTRIBUTORS file).
9 # Copyright (C) 2001-2002 IDEALX
11 # This program is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU General Public License
13 # as published by the Free Software Foundation; either version 2
14 # of the License, or (at your option) any later version.
16 # This program is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 # GNU General Public License for more details.
21 # You should have received a copy of the GNU General Public License
22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
27 # . ldap-unix passwd sync for SAMBA-2.2.2 + LDAP
28 # . may also replace /bin/passwd
# Command-line handling. This listing is fragmentary: the condition guarding
# the die below and the bodies of the last two branches are not shown.
40 foreach $arg (@ARGV) {
# Going by the message, this aborts when a non-root caller supplies
# parameters; the test itself is on a line missing from this listing.
42 die "Only root can specify parameters\n";
44 if ( ($arg eq '-?') || ($arg eq '--help') ) {
45 print "Usage: $0 [username]\n";
46 print " -?, --help show this help message\n";
# NOTE(review): substr($arg,0) has no length argument, so it yields the whole
# argument and this test is true for everything except the exact string '-'.
# substr($arg,0,1) looks intended; as written, unknown options such as '-x'
# also take this branch -- presumably the one that sets $user, TODO confirm.
# Whatever ends up in $user is later placed in a shell command line (line 150),
# so it should be validated against an anchored account-name pattern here.
48 } elsif (substr($arg,0) ne '-') {
# Taken while $user is still undefined; the fallback value is not shown
# (presumably the invoking account -- verify).
55 if (!defined($user)) {
59 # test existence of user in LDAP
# get_user_dn is defined outside this listing; an undefined result is treated
# as "no such user".
61 if (!defined($dn_line = get_user_dn
($user))) {
62 print "$0: user $user doesn't exist\n";
# $dn is later interpolated, unquoted, into the ldappasswd command line
# (line 162), so it is data that reaches a shell.
66 my $dn = get_dn_from_line
($dn_line);
# Result of is_samba_user; presumably the switch for the Samba hash update
# announced by the comment at line 109 -- the use itself is not shown here.
68 my $samba = is_samba_user
($user);
70 print "Changing password for $user\n";
# Old-password check. Runs only when $oldpass is not already defined; the
# script's own POD says the super user may bypass this step.
73 if (!defined($oldpass)) {
74 # prompt for current password
76 print "(current) UNIX password: ";
# NOTE(review): no terminal-echo handling is visible around this read. Lines
# 75 and 78 are missing from the listing, so confirm that echo is disabled
# there and restored on every exit path.
77 chomp($oldpass=<STDIN
>);
# is_user_valid is defined elsewhere; per the POD it verifies the password by
# binding to the LDAP server. A false result reports a generic failure.
81 if (!is_user_valid
($user, $dn, $oldpass)) {
82 print "Authentication failure\n";
87 # prompt for new password
# The read into $pass (between lines 93 and 99) is not shown in this listing.
93 print "New password : ";
99 print "Retype new password : ";
100 chomp($pass2=<STDIN
>);
# Plain string comparison of the two entries. No length or character-class
# check on the new password is visible in this listing.
104 if ($pass ne $pass2) {
105 print "New passwords don't match!\n";
109 # only modify smb passwords if smb user
# Two paths: with $with_smbpasswd unset the hashes are produced by the
# $mk_ntpasswd helper and written through LDAP; otherwise (lines 140-151) the
# smbpasswd program is driven over a pipe.
111 if (!$with_smbpasswd) {
112 # generate LanManager and NT clear text passwords
113 if ($mk_ntpasswd eq '') {
114 print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
# SECURITY(review): backticks hand this string to a shell with the new
# password interpolated between single quotes. A password that itself contains
# a single quote ends the quoting, so the rest of it is parsed by the shell,
# and the cleartext password is visible in the helper's argument list to other
# local users while it runs. Prefer a list-form pipe open
# (open my $fh, '-|', $mk_ntpasswd, $pass), which bypasses the shell, and --
# if the helper supports it (not shown here) -- pass the secret on stdin
# instead of argv.
117 my $ntpwd = `$mk_ntpasswd '$pass'`;
# Splits the helper output at the first ':' into LM and NT parts.
# NOTE(review): neither $? nor the presence of ':' is checked; when index()
# returns -1 the first substr drops only the last character and the second
# returns the whole string, so a failed helper run would still be written out.
118 chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
119 chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
# The next two numbered lines are fragments of the LDIF that sets the
# lmpassword and ntpassword attributes; the surrounding statements are not
# shown. The values are presumably password hashes and therefore
# password-equivalent for SMB logons, so the file named by $tmpldif should be
# created with owner-only permissions and removed afterwards -- confirm on the
# missing lines. do_ldapmodify (defined elsewhere) must return 0 or the script
# dies.
121 # change nt/lm passwords
126 lmpassword: $lmpassword
130 ntpassword: $ntpassword
134 die "$0: error while modifying password for $user\n"
135 unless (do_ldapmodify
($tmpldif) == 0);
# SECURITY(review): two-argument open with a leading '|' runs the string
# through a shell and uses a bareword handle. The statements that write to the
# pipe and close it are not shown in this listing.
140 my $FILE="|$smbpasswd -s >/dev/null";
141 open (FILE
, $FILE) || die "$!\n";
# SECURITY(review): same pattern, but here $user is part of the shell command.
# $user appears to come from @ARGV (assignment not shown), so shell
# metacharacters in it would be interpreted. Validate $user against an
# anchored pattern and use the list form
# (open my $fh, '|-', $smbpasswd, $user, '-s'), discarding the child's output
# without a shell redirect.
150 my $FILE="|$smbpasswd $user -s >/dev/null";
151 open (FILE
, $FILE) || die "$!\n";
161 # change unix password
# SECURITY(review): single-string system() goes through a shell. $dn is
# interpolated unquoted and $pass sits between single quotes, so a single
# quote in the password or shell metacharacters in the DN change what is
# executed. The new password is also exposed in the process argument list.
# Use the list form of system() so no shell is involved, and supply the
# password by a channel other than argv if the configured tool allows it
# (not determinable from this listing).
# NOTE(review): the check of $ret (line 163) is missing from the listing;
# confirm the success message below is printed only when $ret is 0.
162 $ret = system "$ldappasswd $dn -s '$pass' > /dev/null";
164 print "all authentication tokens updated successfully\n";
176 smbldap-passwd.pl - change user password
180 smbldap-passwd.pl [name]
184 smbldap-passwd.pl changes passwords for user accounts. A normal user
185 may only change the password for their own account, the super user may
186 change the password for any account.
189 The user is first prompted for their old password, if one is present.
190 This password is then tested against the stored password by binding
191 to the server. The user has only one chance to enter the correct pass-
192 word. The super user is permitted to bypass this step so that forgot-
193 ten passwords may be changed.
195 The user is then prompted for a replacement password. As a general
196 guideline, passwords should consist of 6 to 8 characters including
197 one or more from each of the following sets:
199 Lower case alphabetics
201 Upper case alphabetics
207 passwd will prompt again and compare the second entry against the first.
208 Both entries are required to match in order for the password to be