|
|
(8 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
| == Introduction ==
| | The content on this page has moved to |
|
| |
|
| The package <tt>open-xchange-passwordchange-script</tt> allows you to run a command to change a password in an external subsystem like e.g. LDAP.
| | https://documentation.open-xchange.com/main/middleware/login_and_sessions/change_passwords_external.html |
|
| |
|
| == Installation ==
| | Note: Open-Xchange is in the process of migrating all its technical documentation to our documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. |
| | |
| {{InstallPlugin|pluginname=open-xchange-passwordchange-script|sopath=stable}}
| |
| | |
| == Enable the password change dialog within the AppSuite Frontend ==
| |
| | |
| After the installation of the package, you must explicitly enable the password change dialog for each AppSuite user. The simplest option to do this, is executing the following command:
| |
| | |
| /opt/open-xchange/sbin/changeuser -c <_context_id_> -u <_user_name_> --access-edit-password on
| |
| | |
| | |
| == Example ==
| |
| | |
| In <tt>/opt/open-xchange/etc/change_pwd_script.properties</tt> add this line:
| |
| | |
| com.openexchange.passwordchange.script.shellscript=/bin/pwchange.pl
| |
| | |
| === Example Script 1 ===
| |
| | |
| This example script calls <tt>saslpasswd</tt> to change the password in the sasldb:
| |
| | |
| #! /usr/bin/perl -w -T
| |
| #
| |
| # perlsec(1) for security related perl programming
| |
| #
| |
| use Getopt::Long;
| |
| use strict;
| |
|
| |
| my $user;
| |
| my $pw;
| |
| my $result;
| |
| my $cid;
| |
| my $oldpassword;
| |
| my $userid;
| |
|
| |
| open(LOG, '>>/var/log/pw.log');
| |
|
| |
| sub log_error {
| |
| my $errorstring=$_[0];
| |
| print LOG "Error: $errorstring\n";
| |
| die "$errorstring";
| |
| }
| |
| # secure env
| |
| $ENV{'PATH'} = "";
| |
| $ENV{'ENV'} = "";
| |
|
| |
| $result = GetOptions ("username=s" => \$user,
| |
| "cid" => \$cid,
| |
| "userid" => \$userid,
| |
| "oldpassword" => \$oldpassword,
| |
| "newpassword=s" => \$pw);
| |
|
| |
| $user || &log_error("missing parameter username");
| |
| print LOG "changing password for user $user\n";
| |
| $pw || &log_error("missing parameter newpassword");
| |
|
| |
| my $usersav = $user;
| |
|
| |
| # add a taint check
| |
| if ($user =~ /^([-\@\w.]+)$/) {
| |
| $user = $1; # $data now untainted
| |
| } else {
| |
| &log_error("Bad data in '$user'");
| |
| }
| |
|
| |
| die "Can't fork: $!" unless defined(my $pid = open(KID, "|-"));
| |
| if ($pid) { # parent
| |
| print KID $pw;
| |
| close KID;
| |
| } else {
| |
| exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user"
| |
| or &log_error("can't exec myprog: $!");
| |
| }
| |
| close(LOG);
| |
| | |
| === Example Script 2 ===
| |
| | |
| The following script uses ldappasswd to change the password in an LDAP server.
| |
| | |
| #!/bin/bash
| |
| ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \
| |
| -s ${10} "uid=$4,ou=people,dc=example,dc=com"
| |
| | |
| === Example Script 3 ===
| |
| | |
| The following script uses open-xchange-passwordchange-script data to change the password within LDAP
| |
| | |
| #!/usr/bin/perl -w
| |
| # Begin LDAP Stuff
| |
| use Net::LDAP;
| |
| use Net::LDAP::Extension::SetPassword;
| |
| my $cid = $ARGV[1];
| |
| my $userid = $ARGV[5];
| |
| my $oldpw = $ARGV[7];
| |
| my $hostname= 'localhost';
| |
| my $rootdn= 'cn=Administrator,dc=example,dc=com';
| |
| my $userbind= 'ou=People,dc=example,dc=com';
| |
| my $adminpasswd='system';
| |
| my $name= $ARGV[3];
| |
| my $newpasswd= $ARGV[9];
| |
| my $ldap = Net::LDAP->new("$hostname")
| |
| or die "Host not found: $!";
| |
|
| |
| open(LOG, '>>/var/log/open-xchange/pw.log');
| |
|
| |
| sub log_error {
| |
| my $errorstring=$_[0];
| |
| print LOG "Error: $errorstring\n";
| |
| die "$errorstring";
| |
| }
| |
|
| |
| $name || &log_error("missing parameter username");
| |
| print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n";
| |
| $newpasswd || &log_error("missing parameter newpassword");
| |
|
| |
| $ldap->bind( "$rootdn", password => "$adminpasswd" );
| |
|
| |
| my $mesg = $ldap->set_password(
| |
| newpasswd => "$newpasswd",
| |
| user => "uid=$name,$userbind"
| |
| );
| |
|
| |
| die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() );
| |
| close(LOG);
| |