change_ldap_pass.pl
2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#!/usr/bin/perl
=pod
Script to change the LDAP password using the set_password method
to proper setting the password policy attributes
author: Zbigniew Szmyd (zbigniew.szmyd@linseco.pl)
version 1.0 2016-02-22
=cut
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
use URI;
use utf8;
binmode(STDOUT, ':utf8');
my %PAR = ();
if (my $param = shift @ARGV){
print "Password change in LDAP\n\n";
print "Run script without any parameter and pass the following data:\n";
print "URI\nbaseDN\nFilter\nbindDN\nbindPW\nLogin\nuserPass\nnewPass\nCAfile\n";
exit;
}
foreach my $param ('uri','base','filter','binddn','bindpw','user','pass','new_pass','ca'){
$PAR{$param} = <>;
$PAR{$param} =~ s/\r|\n//g;
}
my @servers = split (/\s+/, $PAR{'uri'});
my $active_server = 0;
my $ldap;
while ((my $server = shift @servers) && !($active_server)) {
my $ldap_uri = URI->new($server);
if ($ldap_uri->secure) {
$ldap = Net::LDAP->new($ldap_uri->as_string,
version => 3,
verify => 'require',
sslversion => 'tlsv1',
cafile => $PAR{'ca'});
} else {
$ldap = Net::LDAP->new($ldap_uri->as_string, version => 3);
}
$active_server = 1 if ($ldap);
}
if ($active_server) {
my $mesg = $ldap->bind($PAR{'binddn'}, password => $PAR{'bindpw'});
if ($mesg->code != 0) {
print "Cannot login: ". $mesg->error;
} else {
# Wyszukanie users wg filtra
$PAR{'filter'} =~ s/\%login/$PAR{'user'}/;
my @search_args = (
base => $PAR{'base'},
scope => 'sub',
filter => $PAR{'filter'},
attrs => ['1.1'],
);
my $result = $ldap->search(@search_args);
if ($result->code) {
print $result->error;
} else {
my $count = $result->count;
if ($count == 1) {
my @users = $result->entries;
my $dn = $users[0]->dn();
$result = $ldap->bind($dn, password => $PAR{'pass'});
if ($result->code){
print $result->error;
} else {
$result = $ldap->set_password(newpasswd => $PAR{'new_pass'});
if ($result->code) {
print $result->error;
} else {
print "OK";
}
}
} else {
print "User not found in LDAP\n" if $count == 0;
print "Found $count users\n";
}
}
}
$ldap->unbind();
} else {
print "Cannot connect to any server";
}