search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
r588: Some fixes from coolo ...
[Samba/gebeck_regimport.git] / examples / LDAP / ldapsync.pl
blobc112bcc34cb7a1585b4ea3c2636b92c92bada125
1 #!/usr/bin/perl -w
2
3 # LDAP to unix password sync script for samba-tng
4 # originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
5 # 12/12/2000 milos@interactivesi.com
6 # modified for use with MD5 passwords
7 # 12/16/2000 mami@arena.sci.univr.it
8 # modified to change lmpassword and ntpassword for samba
9 # 05/01/2001 mami@arena.sci.univr.it
10 # modified for being also a /bin/passwd replacement
11 #
12 # ACHTUNG!! For servers that support the LDAP Modify password
13 # extended op (e.g. OpenLDAP), see the "ldap password
14 # sync" option in smb.conf(5).
15 #
16
17 $basedn = "ou=Students,dc=univr, dc=it";
18 $binddn = "uid=root,dc=univr,dc=it";
19 $scope = "sub";
20 $passwd = "mysecret";
21
22 foreach $arg (@ARGV) {
23 if ($< != 0) {
24 die "Only root can specify parameters\n";
25 } else {
26 if ( ($arg eq '-?') || ($arg eq '--help') ) {
27 print "Usage: $0 [-o] [username]\n";
28 print " -o, --without-old-password do not ask for old password (root only)\n";
29 print " -?, --help show this help message\n";
30 exit (-1);
31 } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
32 $oldpass = 1;
33 } elsif (substr($arg,0) ne '-') {
34 $user = $arg;
35 if (!defined(getpwnam($user))) {
36 die "$0: Unknown user name '$user'\n"; ;
37 }
38 }
39 }
40 }
41
42 if (!defined($user)) {
43 $user=$ENV{"USER"};
44 }
45
46 if (!defined($oldpass)) {
47 system "stty -echo";
48 print "Old password for user $user: ";
49 chomp($oldpass=<STDIN>);
50 print "\n";
51 system "stty echo";
52
53 $ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`;
54 $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword;
55 $ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword;
56
57 # Find dn for user $user (maybe check unix password too?)
58 $dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`;
59 chomp $dn;
60
61 if ($dn eq '') {
62 print "Wrong password for user $user!\n";
63 exit (-1);
64 }
65 } else {
66 # Find dn for user $user
67 $dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`;
68 chomp $dn;
69 }
70
71 system "stty -echo";
72 print "New password for user $user: ";
73 chomp($pass=<STDIN>);
74 print "\n";
75 system "stty echo";
76
77 system "stty -echo";
78 print "Retype new password for user $user: ";
79 chomp($pass2=<STDIN>);
80 print "\n";
81 system "stty echo";
82
83 if ($pass ne $pass2) {
84 die "Wrong password!\n";
85 } else {
86 # MD5 password
87 $random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
88 $bsalt = "\$1\$"; $esalt = "\$";
89 $modsalt = $bsalt.$random.$esalt;
90 $password = crypt($pass, $modsalt);
91
92 # LanManager and NT clear text passwords
93 $ntpwd = `/usr/local/sbin/smbencrypt '$pass'`;
94 chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
95 chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
96
97 $FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd";
98
99 open FILE or die;
100
101 print FILE <<EOF;
102 dn: $dn
103 changetype: modify
104 replace: userPassword
105 userPassword: {crypt}$password
106 -
107 changetype: modify
108 replace: lmpassword
109 lmpassword: $lmpassword
110 -
111 changetype: modify
112 replace: ntpassword
113 ntpassword: $ntpassword
114 -
115
116 EOF
117 close FILE;
118
119 }
120
121 exit 0;
122
reg import