app_head merge for get_friendly_nt_err()
[Samba/gbeck.git] / examples / LDAP / ldapchpasswd
blob0776d9bed1a912ca195a4bf41b92a9d6a34e03c9
1 #!/usr/bin/perl -w
3 # LDAP to unix password sync script for samba-tng
4 # originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
5 # 2000/12/12 milos@interactivesi.com
6 # modified for use with MD5 passwords
7 # 2000/12/16 mami@arena.sci.univr.it
8 # modified to change lmpassword and ntpassword for samba
9 # 2001/01/05 mami@arena.sci.univr.it
10 # modified for being also a /bin/passwd replacement
11 # 2001/01/29 mami@arena.sci.univr.it
12 # now there are two small programs: ldapchpasswd to
13 # change password from unix and ldapsync.pl to sync
14 # from NT/2000. ldapchpasswd do not need clear password.
15 # 2001/01/31 mami@arena.sci.univr.it
16 # add server parameter to ldap commands
17 # 2001/06/20 mami@arena.sci.univr.it
18 # add pwdlastset and shadowlastchange update
20 $basedn = "ou=Students,dc=univr, dc=it";
21 $binddn = "uid=root,dc=univr,dc=it";
22 $scope = "sub";
23 $server = "my_server";
25 foreach $arg (@ARGV) {
26 if ($< != 0) {
27 die "Only root can specify parameters\n";
28 } else {
29 if ( ($arg eq '-?') || ($arg eq '--help') ) {
30 print "Usage: $0 [-o] [username]\n";
31 print " -o, --without-old-password do not ask for old password (root only)\n";
32 print " -?, --help show this help message\n";
33 exit (-1);
34 } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
35 $oldpass = 1;
36 } elsif (substr($arg,0) ne '-') {
37 $user = $arg;
38 if (!defined(getpwnam($user))) {
39 die "$0: Unknown user name '$user'\n"; ;
45 if (!defined($user)) {
46 $user=$ENV{"USER"};
49 # current user's dn
50 my $dn = '';
52 if ($< == 0) {
53 system "stty -echo";
54 print "LDAP password for root DN: ";
55 chomp($passwd=<STDIN>);
56 print "\n";
57 system "stty echo";
58 # Find dn for user $user binding as root's dn
59 chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`);
60 if ( ($dn eq '') || ($passwd eq '') ) {
61 print "Wrong LDAP password for root DN!\n";
62 exit (-1);
64 } else {
65 if (!defined($oldpass)) {
66 system "stty -echo";
67 print "Old password for user $user: ";
68 chomp($oldpass=<STDIN>);
69 print "\n";
70 system "stty echo";
72 # Find path to uid
73 chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`);
74 # Find old password for user $user binding as self
75 chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`);
77 if ( ($dn eq '') || ($oldpass eq '') ) {
78 print "Wrong password for user $user!\n";
79 exit (-1);
84 system "stty -echo";
85 print "New password for user $user: ";
86 chomp($pass=<STDIN>);
87 print "\n";
88 system "stty echo";
90 system "stty -echo";
91 print "Retype new password for user $user: ";
92 chomp($pass2=<STDIN>);
93 print "\n";
94 system "stty echo";
96 if ( ($pass ne $pass2) || (length($pass)<1) ) {
97 die "Wrong password!\n";
98 } else {
99 # MD5 password
100 $random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
101 $bsalt = "\$1\$"; $esalt = "\$";
102 $modsalt = $bsalt.$random.$esalt;
103 $password = crypt($pass, $modsalt);
105 # LanManager and NT clear text passwords
106 $ntpwd = `/usr/local/sbin/mkntpwd '$pass'`;
107 chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
108 chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
110 #$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w $passwd";
111 if ($< != 0) {
112 $FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'";
113 } else {
114 $FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'";
117 # Chenge time
118 $shadowlastchange=int(time/24/3600);
119 $pwdlastset=sprintf('%x',time);
121 open FILE or die;
123 print FILE <<EOF;
124 dn: $dn
125 changetype: modify
126 replace: userPassword
127 userPassword: {crypt}$password
129 changetype: modify
130 replace: lmpassword
131 lmpassword: $lmpassword
133 changetype: modify
134 replace: ntpassword
135 ntpassword: $ntpassword
137 changetype: modify
138 replace: shadowlastchange
139 shadowlastchange: $shadowlastchange
141 changetype: modify
142 replace: pwdlastset
143 pwdlastset: $pwdlastset
147 close FILE;
151 exit 0;