|
|
| (11 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| == Introduction ==
| | The content on this page has moved to |
|
| |
|
| The package <tt>open-xchange-passwordchange-script</tt> allows you to run a command to change a password in an external subsystem like e.g. LDAP.
| | https://documentation.open-xchange.com/main/middleware/login_and_sessions/change_passwords_external.html |
|
| |
|
| == Installation ==
| | Note: Open-Xchange is in the process of migrating all its technical documentation to our documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. |
| | |
| {{InstallPlugin|pluginname=open-xchange-passwordchange-script|sopath=stable}}
| |
| | |
| | |
| == Example ==
| |
| | |
| In <tt>/opt/open-xchange/etc/groupware/change_pwd_script.properties</tt> add this line:
| |
| | |
| com.openexchange.passwordchange.script.shellscript=/bin/pwchange.pl
| |
| | |
| === Example Script 1 ===
| |
| | |
| This example script calls <tt>saslpasswd</tt> to change the password in the sasldb:
| |
| | |
| #! /usr/bin/perl -w -T
| |
| #
| |
| # perlsec(1) for security related perl programming
| |
| #
| |
| use Getopt::Long;
| |
| use strict;
| |
|
| |
| my $user;
| |
| my $pw;
| |
| my $result;
| |
| my $cid;
| |
| my $oldpassword;
| |
| my $userid;
| |
|
| |
| open(LOG, '>>/var/log/pw.log');
| |
|
| |
| sub log_error {
| |
| my $errorstring=$_[0];
| |
| print LOG "Error: $errorstring\n";
| |
| die "$errorstring";
| |
| }
| |
| # secure env
| |
| $ENV{'PATH'} = "";
| |
| $ENV{'ENV'} = "";
| |
|
| |
| $result = GetOptions ("username=s" => \$user,
| |
| "cid" => \$cid,
| |
| "userid" => \$userid,
| |
| "oldpassword" => \$oldpassword,
| |
| "newpassword=s" => \$pw);
| |
|
| |
| $user || &log_error("missing parameter username");
| |
| print LOG "changing password for user $user\n";
| |
| $pw || &log_error("missing parameter newpassword");
| |
|
| |
| my $usersav = $user;
| |
|
| |
| # add a taint check
| |
| if ($user =~ /^([-\@\w.]+)$/) {
| |
| $user = $1; # $data now untainted
| |
| } else {
| |
| &log_error("Bad data in '$user'");
| |
| }
| |
|
| |
| die "Can't fork: $!" unless defined(my $pid = open(KID, "|-"));
| |
| if ($pid) { # parent
| |
| print KID $pw;
| |
| close KID;
| |
| } else {
| |
| exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user"
| |
| or &log_error("can't exec myprog: $!");
| |
| }
| |
| close(LOG);
| |
| | |
| === Example Script 2 ===
| |
| | |
| The following script uses ldappasswd to change the password in an LDAP server.
| |
| | |
| #!/bin/bash
| |
| ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \
| |
| -s ${10} "uid=$4,ou=people,dc=example,dc=com"
| |