Line 1: |
Line 1: |
− | == Introduction ==
| + | The content on this page has moved to |
| | | |
− | The package <tt>open-xchange-passwordchange-script</tt> allows you to run a command to change a password in an external subsystem like e.g. LDAP.
| + | https://documentation.open-xchange.com/main/middleware/login_and_sessions/change_passwords_external.html |
| | | |
− | == Installation ==
| + | Note: Open-Xchange is in the process of migrating all its technical documentation to our documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system. |
− | | |
− | {{InstallPlugin|pluginname=open-xchange-passwordchange-script|sopath=stable}}
| |
− | | |
− | | |
− | == Example ==
| |
− | | |
− | In <tt>/opt/open-xchange/etc/groupware/change_pwd_script.properties</tt> add this line:
| |
− | | |
− | com.openexchange.passwordchange.script.shellscript=/bin/pwchange.pl
| |
− | | |
− | === Example Script 1 ===
| |
− | | |
− | This example script calls <tt>saslpasswd</tt> to change the password in the sasldb:
| |
− | | |
− | #! /usr/bin/perl -w -T
| |
− | #
| |
− | # perlsec(1) for security related perl programming
| |
− | #
| |
− | use Getopt::Long;
| |
− | use strict;
| |
− |
| |
− | my $user;
| |
− | my $pw;
| |
− | my $result;
| |
− | my $cid;
| |
− | my $oldpassword;
| |
− | my $userid;
| |
− |
| |
− | open(LOG, '>>/var/log/pw.log');
| |
− |
| |
− | sub log_error {
| |
− | my $errorstring=$_[0];
| |
− | print LOG "Error: $errorstring\n";
| |
− | die "$errorstring";
| |
− | }
| |
− | # secure env
| |
− | $ENV{'PATH'} = "";
| |
− | $ENV{'ENV'} = "";
| |
− |
| |
− | $result = GetOptions ("username=s" => \$user,
| |
− | "cid" => \$cid,
| |
− | "userid" => \$userid,
| |
− | "oldpassword" => \$oldpassword,
| |
− | "newpassword=s" => \$pw);
| |
− |
| |
− | $user || &log_error("missing parameter username");
| |
− | print LOG "changing password for user $user\n";
| |
− | $pw || &log_error("missing parameter newpassword");
| |
− |
| |
− | my $usersav = $user;
| |
− |
| |
− | # add a taint check
| |
− | if ($user =~ /^([-\@\w.]+)$/) {
| |
− | $user = $1; # $data now untainted
| |
− | } else {
| |
− | &log_error("Bad data in '$user'");
| |
− | }
| |
− |
| |
− | die "Can't fork: $!" unless defined(my $pid = open(KID, "|-"));
| |
− | if ($pid) { # parent
| |
− | print KID $pw;
| |
− | close KID;
| |
− | } else {
| |
− | exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user"
| |
− | or &log_error("can't exec myprog: $!");
| |
− | }
| |
− | close(LOG);
| |
− | | |
− | === Example Script 2 ===
| |
− | | |
− | The following script uses ldappasswd to change the password in an LDAP server.
| |
− | | |
− | #!/bin/bash
| |
− | ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \
| |
− | -s ${10} "uid=$4,ou=people,dc=example,dc=com"
| |
− | | |
− | === Example Script 3 ===
| |
− | | |
− | The following script uses open-xchange-passwordchange-script data to change the password within LDAP
| |
− | | |
− | #!/usr/bin/perl -w
| |
− | # Begin LDAP Stuff
| |
− | use Net::LDAP;
| |
− | use Net::LDAP::Extension::SetPassword;
| |
− | my $cid = $ARGV[1];
| |
− | my $userid = $ARGV[5];
| |
− | my $oldpw = $ARGV[7];
| |
− | my $hostname= 'localhost';
| |
− | my $rootdn= 'cn=Administrator,dc=example,dc=com';
| |
− | my $userbind= 'ou=People,dc=example,dc=com';
| |
− | my $adminpasswd='system';
| |
− | my $name= $ARGV[3];
| |
− | my $newpasswd= $ARGV[9];
| |
− | my $ldap = Net::LDAP->new("$hostname")
| |
− | or die "Host not found: $!";
| |
− |
| |
− | open(LOG, '>>/var/log/open-xchange/pw.log');
| |
− |
| |
− | sub log_error {
| |
− | my $errorstring=$_[0];
| |
− | print LOG "Error: $errorstring\n";
| |
− | die "$errorstring";
| |
− | }
| |
− |
| |
− | $name || &log_error("missing parameter username");
| |
− | print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n";
| |
− | $newpasswd || &log_error("missing parameter newpassword");
| |
− |
| |
− | $ldap->bind( "$rootdn", password => "$adminpasswd" );
| |
− |
| |
− | my $mesg = $ldap->set_password(
| |
− | newpasswd => "$newpasswd",
| |
− | user => "uid=$name,$userbind"
| |
− | );
| |
− |
| |
− | die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() );
| |
− | close(LOG);
| |