1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

removing outdated scripts and adding comments about 'ldap password syc'

(This used to be commit 29885eae59)
This commit is contained in:
Gerald Carter 2003-08-28 16:38:59 +00:00
parent 3d393502e7
commit b3f1b28e1e
4 changed files with 5 additions and 335 deletions

View File

@ -1,64 +0,0 @@
#!/usr/bin/perl
##
## Example script to export ldap entries into an smbpasswd file format
## using the Mozilla PerLDAP module.
##
## writen by jerry@samba.org
##
## ported to Net::LDAP by dkrovich@slackworks.com
use Net::LDAP;
######################################################
## Set these values to whatever you need for your site
##
$DN="dc=samba,dc=my-domain,dc=com";
$ROOTDN="cn=Manager,dc=my-domain,dc=com";
$rootpw = "secret";
$LDAPSERVER="localhost";
##
## end local site variables
######################################################
$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
print "##\n";
print "## Autogenerated smbpasswd file via ldapsearch\n";
print "## from $LDAPSERVER ($DN)\n";
print "##\n";
## scheck for the existence of the posixAccount first
$result = $ldap->search ( base => "$DN",
scope => "sub",
filter => "(objectclass=sambaAccount)"
);
## loop over the entries we found
while ( $entry = $result->shift_entry() ) {
@uid = $entry->get_value("uid");
@uidNumber = $entry->get_value("uidNumber");
@lm_pw = $entry->get_value("lmpassword");
@nt_pw = $entry->get_value("ntpassword");
@acct = $entry->get_value("acctFlags");
@pwdLastSet = $entry->get_value("pwdLastSet");
if (($#uid+1) && ($#uidNumber+1)) {
$lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1));
$nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1));
$acct[0] = "[DU ]" if (! ($#acct+1));
$pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1));
print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n";
}
}
$ldap->unbind();
exit 0;

View File

@ -1,119 +0,0 @@
#!/usr/bin/perl
##
## Example script of how you could import a smbpasswd file into an LDAP
## directory using the Mozilla PerLDAP module.
##
## writen by jerry@samba.org
##
## ported to Net::LDAP by dkrovich@slackworks.com
use Net::LDAP;
#################################################
## set these to a value appropriate for your site
##
$DN="ou=people,dc=plainjoe,dc=org";
$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
# If you use perl special character in your
# rootpw, escape them:
# $rootpw = "secr\@t" instead of $rootpw = "secr@t"
$rootpw = "n0pass";
$LDAPSERVER="scooby";
##
## end local site variables
#################################################
$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
## Bind as $ROOTDN so you can do updates
$mesg = $ldap->bind($ROOTDN, password => $rootpw);
$mesg->error() if $mesg->code();
while ( $string = <STDIN> ) {
chomp ($string);
## Get the account info from the smbpasswd file
@smbentry = split (/:/, $string);
## Check for the existence of a system account
@getpwinfo = getpwnam($smbentry[0]);
if (! @getpwinfo ) {
print STDERR "**$smbentry[0] does not have a system account... \n";
next;
}
## Calculate RID = uid*2 +1000
$rid=@getpwinfo[2]*2+1000;
## check and see if account info already exists in LDAP.
$result = $ldap->search ( base => "$DN",
scope => "sub",
filter => "(uid=$smbentry[0])"
);
## If no LDAP entry exists, create one.
if ( $result->count == 0 ) {
$new_entry = Net::LDAP::Entry->new();
$new_entry->add( dn => "uid=$smbentry[0],$DN",
uid => $smbentry[0],
rid => $rid,
lmPassword => $smbentry[2],
ntPassword => $smbentry[3],
acctFlags => $smbentry[4],
cn => $smbentry[0],
pwdLastSet => hex(substr($smbentry[5],4)),
objectclass => 'sambaAccount' );
$result = $ldap->add( $new_entry );
$result->error() if $result->code();
print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n";
## Otherwise, supplement/update the existing entry.
}
elsif ($result->count == 1)
{
# Put the search results into an entry object
$entry = $result->entry(0);
print "Updating [" . $entry->dn . "]\n";
## Add the objectclass: sambaAccount attribute if it's not there
@values = $entry->get_value( "objectclass" );
$flag = 1;
foreach $item (@values) {
print "$item\n";
if ( "$item" eq "sambaAccount" ) {
$flag = 0;
}
}
if ( $flag ) {
## Adding sambaAccount objectclass requires adding at least rid:
## uid attribute already exists we know since we searched on it
$entry->add(objectclass => "sambaAccount",
rid => $rid );
}
## Set the other attribute values
$entry->replace(rid => $rid,
lmPassword => $smbentry[2],
ntPassword => $smbentry[3],
acctFlags => $smbentry[4],
pwdLastSet => hex(substr($smbentry[5],4)));
## Apply changes to the LDAP server
$updatemesg = $entry->update($ldap);
$updatemesg->error() if $updatemesg->code();
## If we get here, the LDAP search returned more than one value
## which shouldn't happen under normal circumstances.
} else {
print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n";
next;
}
}
$ldap->unbind();
exit 0;

View File

@ -1,152 +0,0 @@
#!/usr/bin/perl -w
# LDAP to unix password sync script for samba-tng
# originally by Jody Haynes <Jody.Haynes@isunnetworks.com>
# 2000/12/12 milos@interactivesi.com
# modified for use with MD5 passwords
# 2000/12/16 mami@arena.sci.univr.it
# modified to change lmpassword and ntpassword for samba
# 2001/01/05 mami@arena.sci.univr.it
# modified for being also a /bin/passwd replacement
# 2001/01/29 mami@arena.sci.univr.it
# now there are two small programs: ldapchpasswd to
# change password from unix and ldapsync.pl to sync
# from NT/2000. ldapchpasswd do not need clear password.
# 2001/01/31 mami@arena.sci.univr.it
# add server parameter to ldap commands
# 2001/06/20 mami@arena.sci.univr.it
# add pwdlastset and shadowlastchange update
$basedn = "ou=Students,dc=univr, dc=it";
$binddn = "uid=root,dc=univr,dc=it";
$scope = "sub";
$server = "my_server";
foreach $arg (@ARGV) {
if ($< != 0) {
die "Only root can specify parameters\n";
} else {
if ( ($arg eq '-?') || ($arg eq '--help') ) {
print "Usage: $0 [-o] [username]\n";
print " -o, --without-old-password do not ask for old password (root only)\n";
print " -?, --help show this help message\n";
exit (-1);
} elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) {
$oldpass = 1;
} elsif (substr($arg,0) ne '-') {
$user = $arg;
if (!defined(getpwnam($user))) {
die "$0: Unknown user name '$user'\n"; ;
}
}
}
}
if (!defined($user)) {
$user=$ENV{"USER"};
}
# current user's dn
my $dn = '';
if ($< == 0) {
system "stty -echo";
print "LDAP password for root DN: ";
chomp($passwd=<STDIN>);
print "\n";
system "stty echo";
# Find dn for user $user binding as root's dn
chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`);
if ( ($dn eq '') || ($passwd eq '') ) {
print "Wrong LDAP password for root DN!\n";
exit (-1);
}
} else {
if (!defined($oldpass)) {
system "stty -echo";
print "Old password for user $user: ";
chomp($oldpass=<STDIN>);
print "\n";
system "stty echo";
# Find path to uid
chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`);
# Find old password for user $user binding as self
chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`);
if ( ($dn eq '') || ($oldpass eq '') ) {
print "Wrong password for user $user!\n";
exit (-1);
}
}
}
system "stty -echo";
print "New password for user $user: ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";
system "stty -echo";
print "Retype new password for user $user: ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";
if ( ($pass ne $pass2) || (length($pass)<1) ) {
die "Wrong password!\n";
} else {
# MD5 password
$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64];
$bsalt = "\$1\$"; $esalt = "\$";
$modsalt = $bsalt.$random.$esalt;
$password = crypt($pass, $modsalt);
# LanManager and NT clear text passwords
$ntpwd = `/usr/local/sbin/mkntpwd '$pass'`;
chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
#$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w $passwd";
if ($< != 0) {
$FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'";
} else {
$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'";
}
# Chenge time
$shadowlastchange=int(time/24/3600);
$pwdlastset=sprintf('%x',time);
open FILE or die;
print FILE <<EOF;
dn: $dn
changetype: modify
replace: userPassword
userPassword: {crypt}$password
-
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-
changetype: modify
replace: shadowlastchange
shadowlastchange: $shadowlastchange
-
changetype: modify
replace: pwdlastset
pwdlastset: $pwdlastset
-
EOF
close FILE;
}
exit 0;

View File

@ -8,6 +8,11 @@
# modified to change lmpassword and ntpassword for samba
# 05/01/2001 mami@arena.sci.univr.it
# modified for being also a /bin/passwd replacement
#
# ACHTUNG!! For servers that support the LDAP Modify password
# extended op (e.g. OpenLDAP), see the "ldap password
# sync" option in smb.conf(5).
#
$basedn = "ou=Students,dc=univr, dc=it";
$binddn = "uid=root,dc=univr,dc=it";