Here it is. I was using it to change passwords on openldap + samba using ldap. Samba has its own password attribute. This script takes a password from the user, encrypts it with crypt, and calls smbpasswd to set the password as well.

$ cat sambaldapnewpass 
#!/bin/bash

#ask user for password:

BASEDN="dc=org1,dc=county"
USERDN="dc=domain1"
BASEDIR=/home/lol87

#login LDAP format: uid=$LOGIN,$USERDN,$BASEDN

# prompt for the login only when none was given as the first argument
if [ -z "$1" ];
then
    echo "Login"
    read LOGIN
else
    LOGIN=$1
fi

stty -echo

PASS=s
PASS2=w

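# quote both values so passwords that are empty or contain spaces compare correctly
while [ "$PASS" != "$PASS2" ];
do
    echo "new password:"
    IFS= read -r PASS
    echo "repeat new password:"
    IFS= read -r PASS2
done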

stty echo

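# create the temp file owner-only from the start (no window before chmod) and
# without a trailing newline, because slappasswd -T hashes the whole file contents
( umask 077; printf '%s' "$PASS" > "$BASEDIR/${LOGIN}.tmp" )
chmod 400 "$BASEDIR/${LOGIN}.tmp"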

#generate new password for LDAP:

LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp" -n)
echo "$LDAPPASS"
rm -f "$BASEDIR/${LOGIN}.tmp"

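# fill in the LDIF template; a login containing "/" or "&" would break the sed expressions
sed -e "s/LDAPLOGIN/$LOGIN/" -e "s/BASEDN/$BASEDN/" -e "s/USERDN/$USERDN/" "$BASEDIR/passchange.ldif" > "$BASEDIR/passchange_tmp.ldif"
echo "userPassword: $LDAPPASS" >> "$BASEDIR/passchange_tmp.ldif"
# -w puts the bind password on the command line; ldapmodify -W prompts for it instead
ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password < "$BASEDIR/passchange_tmp.ldif"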

#rm $BASEDIR/passchange_tmp.ldif

and now:
$ cat passchange.ldif
dn: uid=LDAPLOGIN,USERDN,BASEDN
changetype: modify
replace: userPassword

You may need to change:

slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n

The parameter of the -c option defines the salt. In my experience, I saw many Linux distros having different salts. The "$6$" part is required (look in the man page of the crypt function) and "%.27s" means to generate 27 chars for the salt. More details can be found in the man page of slappasswd. The -h option tells slappasswd to use the format provided as its parameter, in this case crypt.

I did not use it for some time, so please treat this as a template for your script. I hope this will help you.

Greg.
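
The thread is about what a `userPassword: {crypt}...` value in an LDIF should contain. As an added example (not part of the original message and not code from 389 Directory Server or OpenLDAP), the shell functions below classify userPassword values by storage scheme and check the `$6$salt$hash` layout. The function names and verdict labels are made up for this example, and it assumes unfolded LDIF (for instance from `ldapsearch -o ldif-wrap=no`) and a `base64` utility for `userPassword::` lines.

```shell
# Added example: audit userPassword values in LDIF; verdict labels are this example's own.
classify_crypt() {                      # $1 = text after "{crypt}"
    case "$1" in
        '$6$'*) name=sha512-crypt; want=86 ;;   # digest length in chars
        '$5$'*) name=sha256-crypt; want=43 ;;
        '$1$'*) echo "weak:md5-crypt"; return ;;
        '$'*)   echo "unknown:crypt"; return ;;
        *)      # no $id$: 13 chars is DES crypt; anything else (e.g. "x") matches no password
                if [ "${#1}" -eq 13 ]; then echo "weak:des-crypt"
                else echo "locked-or-placeholder"; fi
                return ;;
    esac
    rest=${1#???}                                       # drop "$6$" or "$5$"
    case "$rest" in rounds=*) rest=${rest#*\$} ;; esac  # optional "rounds=N$"
    salt=${rest%%\$*}; digest=${rest#*\$}
    # SHA-crypt salts are 1 to 16 chars (16 is the maximum the scheme keeps)
    if [ "${#salt}" -ge 1 ] && [ "${#salt}" -le 16 ] && [ "${#digest}" -eq "$want" ]
    then echo "ok:$name"; else echo "malformed:$name"; fi
}

classify_userpassword() {               # $1 = one decoded userPassword value
    case "$1" in '{'*'}'*) ;; *) echo "cleartext"; return ;; esac
    rb='}'; scheme=${1%%"$rb"*}; scheme=${scheme#?}; hash=${1#*"$rb"}
    scheme=$(printf '%s' "$scheme" | tr 'A-Z' 'a-z')    # scheme names are case-insensitive
    case "$scheme" in
        crypt)               classify_crypt "$hash" ;;
        ssha*|smd5|pbkdf2*)  echo "salted:$scheme" ;;
        sha*|md5)            echo "unsalted:$scheme" ;;
        clear*)              echo "cleartext" ;;
        *)                   echo "unknown:$scheme" ;;
    esac
}

audit_ldif() {                          # unfolded LDIF on stdin -> "dn<TAB>verdict"
    dn=
    while IFS= read -r line; do
        case "$line" in
            'dn: '*)            dn=${line#dn: }; continue ;;
            'userPassword:: '*) val=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            'userPassword: '*)  val=${line#userPassword: } ;;
            *)                  continue ;;
        esac
        printf '%s\t%s\n' "$dn" "$(classify_userpassword "$val")"
    done
}

# Constructed entry, using the placeholder value quoted in the thread:
printf 'dn: uid=demo,dc=example\nuserPassword: {crypt}x\n' | audit_ldif
```

A value generated with a 27-character salt format still passes the check after crypt has stored it, because the stored salt field is what gets measured here.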

2012/8/5 Fosiul Alam <fosiul@gmail.com>
Hi, thanks.
I can't use the GUI, as the script should take care of everything.
I think it would be sha1.
I will try to find a solution; if I can't, please post your script here.

It would be really helpful.
Thanks


On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@gmail.com> wrote:
> You can use gui. Just edit user account and type the new password.
> Directory server should encrypt it before updating the entry in database.
>
> If you use slappasswd without any parameters it will ask for password and
> generate sha1 hash for you. To use crypt you need to set format to crypt,
> and set proper salt.
>
> I should have on my pc an example script using slappasswd; I wrote it some time
> ago. I can't post it now because at the moment I'm on the bus. If no one
> posts an example of using slappasswd then I will later. Unless you find a
> solution first.
>
> Greg.
>
> Send from htc desire z
>
> 05-08-2012 15:34, "Fosiul Alam" <fosiul@gmail.com> wrote:
>
>> Hi
>> Thanks for the reply
>> I am using Directory Server 389
>>
>> and I am using a script to create the ldif file
>>
>> So somehow I will have to create userpassword ..
>>
>> But I don't understand what the way to do that is.
>> From the GUI interface I can create a password easily,
>> so what's the syntax to create userpassword ??
>>
>> Regards
>>
>>
>> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>> <christopher_wood@pobox.com> wrote:
>> > Perhaps use slappasswd?
>> >
>> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>> >> Hi
>> >> I am generating the ldif by script,
>> >> but I can't understand how I will generate the userpassword.
>> >>
>> >> userPassword: {crypt}x
>> >>
>> >> How is this crypt or hash working?
>> >>
>> >> Please shed some light on this.
>> >>
>> >>
>> >> Regards
>> >> --
>> >> 389 users mailing list
>> >> 389-users@lists.fedoraproject.org
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk



--
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk