ChangePasswordExternal: Difference between revisions
No edit summary |
|||
Line 13: | Line 13: | ||
/opt/open-xchange/sbin/changeuser -c <_context_id_> -u <_user_name_> --access-edit-password on | /opt/open-xchange/sbin/changeuser -c <_context_id_> -u <_user_name_> --access-edit-password on | ||
You can also use all other AppSuite provisioning interfaces like JAVA RMI or SOAP. Please review the corresponding documentation for each interface for details. | |||
Screenshot of the password change dialog within AppSuite -> Settings -> Basic Settings -> Password | |||
== Example == | == Example == |
Revision as of 12:53, 1 October 2014
Introduction
The package open-xchange-passwordchange-script allows you to run a command to change a password in an external subsystem like e.g. LDAP.
Installation
Install on OX AppSuite
Debian GNU/Linux 11.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/stable/DebianBullseye/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBullseye/ /
and run
$ apt-get update $ apt-get install open-xchange-passwordchange-script
Debian GNU/Linux 12.0
Add the following entry to /etc/apt/sources.list.d/open-xchange.list if not already present:
deb https://software.open-xchange.com/products/stable/DebianBookworm/ /
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
# deb https://[CUSTOMERID:PASSWORD]@software.open-xchange.com/products/stable/updates/DebianBookworm/ /
and run
$ apt-get update $ apt-get install open-xchange-passwordchange-script
Enable the password change dialog within the AppSuite Frontend
After the installation of the package, you must explicitly enable the password change dialog for each AppSuite user. The simplest option to do this, is executing the following command:
/opt/open-xchange/sbin/changeuser -c <_context_id_> -u <_user_name_> --access-edit-password on
You can also use all other AppSuite provisioning interfaces like JAVA RMI or SOAP. Please review the corresponding documentation for each interface for details.
Screenshot of the password change dialog within AppSuite -> Settings -> Basic Settings -> Password
Example
In /opt/open-xchange/etc/change_pwd_script.properties add this line:
com.openexchange.passwordchange.script.shellscript=/bin/pwchange.pl
Example Script 1
This example script calls saslpasswd to change the password in the sasldb:
#! /usr/bin/perl -w -T # # perlsec(1) for security related perl programming # use Getopt::Long; use strict; my $user; my $pw; my $result; my $cid; my $oldpassword; my $userid; open(LOG, '>>/var/log/pw.log'); sub log_error { my $errorstring=$_[0]; print LOG "Error: $errorstring\n"; die "$errorstring"; } # secure env $ENV{'PATH'} = ""; $ENV{'ENV'} = ""; $result = GetOptions ("username=s" => \$user, "cid" => \$cid, "userid" => \$userid, "oldpassword" => \$oldpassword, "newpassword=s" => \$pw); $user || &log_error("missing parameter username"); print LOG "changing password for user $user\n"; $pw || &log_error("missing parameter newpassword"); my $usersav = $user; # add a taint check if ($user =~ /^([-\@\w.]+)$/) { $user = $1; # $data now untainted } else { &log_error("Bad data in '$user'"); } die "Can't fork: $!" unless defined(my $pid = open(KID, "|-")); if ($pid) { # parent print KID $pw; close KID; } else { exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user" or &log_error("can't exec myprog: $!"); } close(LOG);
Example Script 2
The following script uses ldappasswd to change the password in an LDAP server.
#!/bin/bash ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w $8 \ -s ${10} "uid=$4,ou=people,dc=example,dc=com"
Example Script 3
The following script uses open-xchange-passwordchange-script data to change the password within LDAP
#!/usr/bin/perl -w # Begin LDAP Stuff use Net::LDAP; use Net::LDAP::Extension::SetPassword; my $cid = $ARGV[1]; my $userid = $ARGV[5]; my $oldpw = $ARGV[7]; my $hostname= 'localhost'; my $rootdn= 'cn=Administrator,dc=example,dc=com'; my $userbind= 'ou=People,dc=example,dc=com'; my $adminpasswd='system'; my $name= $ARGV[3]; my $newpasswd= $ARGV[9]; my $ldap = Net::LDAP->new("$hostname") or die "Host not found: $!"; open(LOG, '>>/var/log/open-xchange/pw.log'); sub log_error { my $errorstring=$_[0]; print LOG "Error: $errorstring\n"; die "$errorstring"; } $name || &log_error("missing parameter username"); print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n"; $newpasswd || &log_error("missing parameter newpassword"); $ldap->bind( "$rootdn", password => "$adminpasswd" ); my $mesg = $ldap->set_password( newpasswd => "$newpasswd", user => "uid=$name,$userbind" ); die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() ); close(LOG);