ChangePasswordExternal: Difference between revisions
From Open-Xchange
No edit summary |
No edit summary |
||
| Line 79: | Line 79: | ||
ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \ | ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \ | ||
-s ${10} "uid=$4,ou=people,dc=example,dc=com" | -s ${10} "uid=$4,ou=people,dc=example,dc=com" | ||
=== Example Script 3 === | |||
The following script uses open-xchange-passwordchange-script data to change the password within LDAP | |||
#!/usr/bin/perl -w | |||
# Begin LDAP Stuff | |||
use Net::LDAP; | |||
use Net::LDAP::Extension::SetPassword; | |||
my $cid = $ARGV[1]; | |||
my $userid = $ARGV[5]; | |||
my $oldpw = $ARGV[7]; | |||
my $hostname= 'localhost'; | |||
my $rootdn= 'cn=Administrator,dc=example,dc=com'; | |||
my $userbind= 'ou=People,dc=example,dc=com'; | |||
my $adminpasswd='system'; | |||
my $name= $ARGV[3]; | |||
my $newpasswd= $ARGV[9]; | |||
my $ldap = Net::LDAP->new("$hostname") | |||
or die "Host not found: $!"; | |||
open(LOG, '>>/var/log/open-xchange/pw.log'); | |||
sub log_error { | |||
my $errorstring=$_[0]; | |||
print LOG "Error: $errorstring\n"; | |||
die "$errorstring"; | |||
} | |||
$name || &log_error("missing parameter username"); | |||
print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n"; | |||
$newpasswd || &log_error("missing parameter newpassword"); | |||
$ldap->bind( "$rootdn", password => "$adminpasswd" ); | |||
my $mesg = $ldap->set_password( | |||
newpasswd => "$newpasswd", | |||
user => "uid=$name,$userbind" | |||
); | |||
die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() ); | |||
close(LOG); | |||
Revision as of 20:39, 18 February 2010
Introduction
The package open-xchange-passwordchange-script allows you to run a command to change a password in an external subsystem like e.g. LDAP.
Installation
Install on OX AppSuite
Debian GNU/Linux 11.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/stable/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBullseye/ /
and run
$ apt-get update $ apt-get install open-xchange-passwordchange-script
Debian GNU/Linux 12.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/stable/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBookworm/ /
and run
$ apt-get update $ apt-get install open-xchange-passwordchange-script
Example
In /opt/open-xchange/etc/groupware/change_pwd_script.properties add this line:
com.openexchange.passwordchange.script.shellscript=/bin/pwchange.pl
Example Script 1
This example script calls saslpasswd to change the password in the sasldb:
#! /usr/bin/perl -w -T
#
# perlsec(1) for security related perl programming
#
use Getopt::Long;
use strict;
my $user;
my $pw;
my $result;
my $cid;
my $oldpassword;
my $userid;
open(LOG, '>>/var/log/pw.log');
sub log_error {
my $errorstring=$_[0];
print LOG "Error: $errorstring\n";
die "$errorstring";
}
# secure env
$ENV{'PATH'} = "";
$ENV{'ENV'} = "";
$result = GetOptions ("username=s" => \$user,
"cid" => \$cid,
"userid" => \$userid,
"oldpassword" => \$oldpassword,
"newpassword=s" => \$pw);
$user || &log_error("missing parameter username");
print LOG "changing password for user $user\n";
$pw || &log_error("missing parameter newpassword");
my $usersav = $user;
# add a taint check
if ($user =~ /^([-\@\w.]+)$/) {
$user = $1; # $data now untainted
} else {
&log_error("Bad data in '$user'");
}
die "Can't fork: $!" unless defined(my $pid = open(KID, "|-"));
if ($pid) { # parent
print KID $pw;
close KID;
} else {
exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user"
or &log_error("can't exec myprog: $!");
}
close(LOG);
Example Script 2
The following script uses ldappasswd to change the password in an LDAP server.
#!/bin/bash
ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \
-s ${10} "uid=$4,ou=people,dc=example,dc=com"
Example Script 3
The following script uses open-xchange-passwordchange-script data to change the password within LDAP
#!/usr/bin/perl -w
# Begin LDAP Stuff
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
my $cid = $ARGV[1];
my $userid = $ARGV[5];
my $oldpw = $ARGV[7];
my $hostname= 'localhost';
my $rootdn= 'cn=Administrator,dc=example,dc=com';
my $userbind= 'ou=People,dc=example,dc=com';
my $adminpasswd='system';
my $name= $ARGV[3];
my $newpasswd= $ARGV[9];
my $ldap = Net::LDAP->new("$hostname")
or die "Host not found: $!";
open(LOG, '>>/var/log/open-xchange/pw.log');
sub log_error {
my $errorstring=$_[0];
print LOG "Error: $errorstring\n";
die "$errorstring";
}
$name || &log_error("missing parameter username");
print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n";
$newpasswd || &log_error("missing parameter newpassword");
$ldap->bind( "$rootdn", password => "$adminpasswd" );
my $mesg = $ldap->set_password(
newpasswd => "$newpasswd",
user => "uid=$name,$userbind"
);
die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() );
close(LOG);