ChangePasswordExternal
From Open-Xchange
Introduction
The package open-xchange-passwordchange-script allows you to run a command to change a password in an external subsystem like e.g. LDAP.
Installation
Install on OX AppSuite
Debian GNU/Linux 11.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/stable/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBullseye/ /
and run
$ apt-get update $ apt-get install open-xchange-passwordchange-script
Debian GNU/Linux 12.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/stable/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBookworm/ /
and run
$ apt-get update $ apt-get install open-xchange-passwordchange-script
Example
In /opt/open-xchange/etc/change_pwd_script.properties add this line:
com.openexchange.passwordchange.script.shellscript=/bin/pwchange.pl
Example Script 1
This example script calls saslpasswd to change the password in the sasldb:
#! /usr/bin/perl -w -T # # perlsec(1) for security related perl programming # use Getopt::Long; use strict; my $user; my $pw; my $result; my $cid; my $oldpassword; my $userid; open(LOG, '>>/var/log/pw.log'); sub log_error { my $errorstring=$_[0]; print LOG "Error: $errorstring\n"; die "$errorstring"; } # secure env $ENV{'PATH'} = ""; $ENV{'ENV'} = ""; $result = GetOptions ("username=s" => \$user, "cid" => \$cid, "userid" => \$userid, "oldpassword" => \$oldpassword, "newpassword=s" => \$pw); $user || &log_error("missing parameter username"); print LOG "changing password for user $user\n"; $pw || &log_error("missing parameter newpassword"); my $usersav = $user; # add a taint check if ($user =~ /^([-\@\w.]+)$/) { $user = $1; # $data now untainted } else { &log_error("Bad data in '$user'"); } die "Can't fork: $!" unless defined(my $pid = open(KID, "|-")); if ($pid) { # parent print KID $pw; close KID; } else { exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user" or &log_error("can't exec myprog: $!"); } close(LOG);
Example Script 2
The following script uses ldappasswd to change the password in an LDAP server.
#!/bin/bash ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \ -s ${10} "uid=$4,ou=people,dc=example,dc=com"
Example Script 3
The following script uses open-xchange-passwordchange-script data to change the password within LDAP
#!/usr/bin/perl -w # Begin LDAP Stuff use Net::LDAP; use Net::LDAP::Extension::SetPassword; my $cid = $ARGV[1]; my $userid = $ARGV[5]; my $oldpw = $ARGV[7]; my $hostname= 'localhost'; my $rootdn= 'cn=Administrator,dc=example,dc=com'; my $userbind= 'ou=People,dc=example,dc=com'; my $adminpasswd='system'; my $name= $ARGV[3]; my $newpasswd= $ARGV[9]; my $ldap = Net::LDAP->new("$hostname") or die "Host not found: $!"; open(LOG, '>>/var/log/open-xchange/pw.log'); sub log_error { my $errorstring=$_[0]; print LOG "Error: $errorstring\n"; die "$errorstring"; } $name || &log_error("missing parameter username"); print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n"; $newpasswd || &log_error("missing parameter newpassword"); $ldap->bind( "$rootdn", password => "$adminpasswd" ); my $mesg = $ldap->set_password( newpasswd => "$newpasswd", user => "uid=$name,$userbind" ); die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() ); close(LOG);