周海龙 / mail_manage · 文件

转到一个项目
change_ldap_pass.pl 2.6 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 
#!/usr/bin/perl
=pod
Script to change the LDAP password using the set_password method
to proper setting the password policy attributes
author: Zbigniew Szmyd (zbigniew.szmyd@linseco.pl)
version 1.0 2016-02-22
=cut

use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
use URI;
use utf8;
binmode(STDOUT, ':utf8');

my %PAR = ();
if (my $param = shift @ARGV){
    print "Password change in LDAP\n\n";
    print "Run script without any parameter and pass the following data:\n";
    print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n";
    exit;
}

foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){
    $PAR{$param} = <>;
    $PAR{$param} =~ s/\r|\n//g;
}

my @servers = split (/\s+/, $PAR{'uri'});
my $active_server = 0;

my $ldap;
while ((my $server = shift @servers) && !($active_server)) {
    my $ldap_uri = URI->new($server);
    if ($ldap_uri->secure) {
        $ldap = Net::LDAP->new($ldap_uri->as_string,
            version => 3,
            verify  => 'require',
            sslversion => 'tlsv1',
            cafile  => $PAR{'ca'});
    } else {
        $ldap = Net::LDAP->new($ldap_uri->as_string, version => 3);
    }
    $active_server = 1 if ($ldap);
}

if ($active_server) {
    my $mesg = $ldap->bind($PAR{'binddn'}, password => $PAR{'bindpw'});
    if ($mesg->code != 0) {
        print "Cannot login: ". $mesg->error;
    } else {
        # Wyszukanie users wg filtra
        $PAR{'filter'} =~ s/\%login/$PAR{'user'}/;
        my @search_args = (
            base => $PAR{'base'},
            scope  => 'sub',
            filter => $PAR{'filter'},
            attrs  => ['1.1'],
        );
        my $result = $ldap->search(@search_args);
        if ($result->code) {
            print $result->error;
        } else {
            my $count = $result->count;
            if ($count == 1) {
                my @users = $result->entries;
                my $dn = $users[0]->dn();
                $result = $ldap->bind($dn, password => $PAR{'pass'});
                if ($result->code){
                    print $result->error;
                } else {
                    $result = $ldap->set_password(newpasswd => $PAR{'new_pass'});
                    if ($result->code) {
                        print $result->error;
                    } else {
                        print "OK";
                    }
                }
            } else {
                print "User not found in LDAP\n" if $count == 0;
                print "Found $count users\n";
            }
        }
    }
    $ldap->unbind();
} else {
    print "Cannot connect to any server";
}