Hi, thanks for the script.
One thing I am still confused about:
suppose I want to give the password "test123" as the default password at the time of user creation.
How will I create this password and put it in
userPassword: ???
On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki <gd1100(a)gmail.com> wrote:
Here it is. I was using it to change passwords on openldap + samba using
ldap. Samba has its own password attribute. This script takes a password from
the user, encrypts it in crypt + calls smbpasswd to set the password as well.
$ cat sambaldapnewpass
#!/bin/bash
BASEDN="dc=org1,dc=county"
USERDN="dc=domain1"
BASEDIR=/home/lol87
#login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
#take the login from the first argument, otherwise ask for it
if [ -z "$1" ];
then
    echo "Login"
    read -r LOGIN
else
    LOGIN=$1
fi
#ask user for password (twice, with terminal echo switched off):
stty -echo
PASS=s
PASS2=w
while [ "$PASS" != "$PASS2" ];
do
    echo "new password:"
    read -r PASS
    echo "repeat new password:"
    read -r PASS2
done
stty echo
#create the temporary password file readable by its owner only
umask 077
#slappasswd -T hashes the file contents, so no trailing newline is written
printf '%s' "$PASS" > "$BASEDIR/${LOGIN}.tmp"
chmod 400 "$BASEDIR/${LOGIN}.tmp"
#generate new password for LDAP:
LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp" -n)
echo "$LDAPPASS"
rm -f "$BASEDIR/${LOGIN}.tmp"
#fill the placeholders of the LDIF template and append the new hash
sed -e "s/LDAPLOGIN/$LOGIN/" -e "s/BASEDN/$BASEDN/" -e "s/USERDN/$USERDN/" \
    "$BASEDIR/passchange.ldif" > "$BASEDIR/passchange_tmp.ldif"
echo "userPassword: $LDAPPASS" >> "$BASEDIR/passchange_tmp.ldif"
ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password < "$BASEDIR/passchange_tmp.ldif"
#rm $BASEDIR/passchange_tmp.ldif
and now:
$ cat passchange.ldif
dn: uid=LDAPLOGIN,USERDN,BASEDN
changetype: modify
replace: userPassword
You may need to change:
slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
The parameter of the -c option defines the salt. In my experience I saw many Linux
distros having different salt. Part "$6$" is required (look in the man page of the
crypt function) and "%.27s" means to generate 27 chars for the salt. More details
you may find in the man page of slappasswd. Option -h tells slappasswd to use the
format provided as parameter, in this case crypt.
I did not use it for some time, so please treat this as a template for your
script. I hope this will help you.
Greg.
2012/8/5 Fosiul Alam <fosiul(a)gmail.com>
>
> Hi, thanks.
> I can't use the GUI as the script should take care of everything.
> I think it would be sha1.
> I will try to find a solution; if I can't, please post your script here.
>
> It would be really helpful.
> Thanks
>
>
> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100(a)gmail.com> wrote:
> > You can use the GUI. Just edit the user account and type the new password.
> > The directory server should encrypt it before updating the entry in the database.
> >
> > If you use slappasswd without any parameters it will ask for a password and
> > generate a sha1 hash for you. To use crypt you need to set the format to crypt,
> > and set a proper salt.
> >
> > I should have on my PC an example script using slappasswd; I wrote it some time
> > ago. I can't post it now because at the moment I'm on the bus. If no one
> > posts an example of using slappasswd then I will later. Unless you find a
> > solution first.
> >
> > Greg.
> >
> > Sent from htc desire z
> >
> > 05-08-2012 15:34, "Fosiul Alam" <fosiul(a)gmail.com> wrote:
> >
> >> Hi
> >> Thanks for the reply.
> >> I am using Directory Server 389
> >>
> >> and I am using a script to create the ldif file.
> >>
> >> So somehow I will have to create the userPassword.
> >>
> >> But I don't understand what the way to do that is.
> >> From the GUI interface I can create a password easily,
> >> so what's the syntax to create userPassword?
> >>
> >> Regards
> >>
> >>
> >> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood <christopher_wood(a)pobox.com> wrote:
> >> > Perhaps use slappasswd?
> >> >
> >> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
> >> >> Hi
> >> >> I am generating the ldif by script,
> >> >> but I can't understand how I will generate the userPassword.
> >> >>
> >> >> userPassword: {crypt}x
> >> >>
> >> >> How is this crypt or hash working?
> >> >>
> >> >> Please give me some light on this.
> >> >>
> >> >>
> >> >> Regards
> >> >> --
> >> >> 389 users mailing list
> >> >> 389-users(a)lists.fedoraproject.org
> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >>
> >>
> >>
> >> --
> >> Regards
> >> Fosiul Alam
> >> 07877100621
> >> http://www.fosiul.co.uk
> >
> >
>
>
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk
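The question at the top of this message, how to turn a password such as "test123" into a userPassword value for a script-generated LDIF, as an added example (not code from the thread or from 389 Directory Server). It builds the salted {SSHA} form and generalizes it to {SSHA256} and {SSHA512}; that the target server accepts these scheme labels on a pre-hashed value, the minimal entry layout and the example.com DN are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Scheme label -> hashlib digest. Assumption: the target server accepts these
# labels on a pre-hashed userPassword value.
SCHEMES = {"SSHA": "sha1", "SSHA256": "sha256", "SSHA512": "sha512"}


def make_user_password(password, scheme="SSHA", salt=None):
    """Return '{SCHEME}' + base64(digest(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt for every entry
    digest = hashlib.new(SCHEMES[scheme], password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def check_user_password(password, stored):
    """Recompute the digest using the salt carried inside the stored value."""
    scheme, _, encoded = stored.lstrip("{").partition("}")
    algo = SCHEMES.get(scheme.upper())
    if algo is None:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(encoded)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def user_ldif(uid, base_dn, password, scheme="SSHA"):
    """LDIF for a new user; the minimal inetOrgPerson layout is hypothetical."""
    return "\n".join([
        "dn: uid=%s,%s" % (uid, base_dn),
        "objectClass: top",
        "objectClass: inetOrgPerson",
        "uid: " + uid,
        "cn: " + uid,
        "sn: " + uid,
        "userPassword: " + make_user_password(password, scheme),
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values: the uid and base DN are placeholders.
    print(user_ldif("jdoe", "ou=People,dc=example,dc=com", "test123", "SSHA512"))
```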