ChangePasswordExternal: Difference between revisions

From Open-Xchange
(Replaced content with "The content on this page has moved to https://documentation.open-xchange.com/main/middleware/login_and_sessions/change_passwords_external.html Note: Open-Xchange is in...")
== Introduction ==


The package <tt>open-xchange-passwordchange-script</tt> allows you to run a command to change a password in an external subsystem such as LDAP.


== Installation ==
 
{{InstallPlugin|pluginname=open-xchange-passwordchange-script|sopath=stable}}
 
== Enable the password change dialog within the AppSuite Frontend ==
 
After installing the package, you must explicitly enable the password change dialog for each AppSuite user. The simplest way to do this is to run the following command:
 
/opt/open-xchange/sbin/changeuser -c <_context_id_> -u <_user_name_> --access-edit-password on
 
You can also use any of the other AppSuite provisioning interfaces, such as Java RMI or SOAP. Please review the corresponding documentation for each interface for details.
 
Screenshot of the password change dialog within AppSuite -> Settings -> Basic Settings -> Password
 
== Configuration Options ==
 
As the screenshot shows, there are several password options, such as the minimum length. These options are configured in the following properties file. After modifying this file, you must restart the open-xchange process.
 
/opt/open-xchange/etc/passwordchange.properties
 
=== Example Script 1 ===
 
This example script calls <tt>saslpasswd</tt> to change the password in the sasldb:
 
#!/usr/bin/perl -w -T
#
# See perlsec(1) for security-related Perl programming
#
use Getopt::Long;
use strict;
my $user;
my $pw;
my $result;
my $cid;
my $oldpassword;
my $userid;
open(LOG, '>>', '/var/log/pw.log') or die "Can't open log file: $!";
sub log_error {
        my $errorstring=$_[0];
        print LOG "Error: $errorstring\n";
        die "$errorstring";
}
# secure env
$ENV{'PATH'} = "";
$ENV{'ENV'} = "";
# every option takes a string value
$result = GetOptions ("username=s" => \$user,
                      "cid=s" => \$cid,
                      "userid=s" => \$userid,
                      "oldpassword=s" => \$oldpassword,
                      "newpassword=s" => \$pw);
$user || &log_error("missing parameter username");
$pw || &log_error("missing parameter newpassword");
my $usersav = $user;
# taint check: allow only word characters, '-', '@' and '.' in the user name
if ($user =~ /^([-\@\w.]+)$/) {
  $user = $1;                    # $user now untainted
} else {
  &log_error("Bad data in '$user'");
}
# log the user name only after it has passed the check above
print LOG "changing password for user $user\n";
# fork a child whose STDIN is fed by the parent
die "Can't fork: $!" unless defined(my $pid = open(KID, "|-"));
if ($pid) {          # parent: write the new password to the child's STDIN
  print KID $pw;
  # close waits for the child; fail if saslpasswd2 did not exit cleanly
  close(KID) or &log_error("saslpasswd2 failed: exit status $?");
} else {             # child: saslpasswd2 -p reads the password from STDIN
  exec '/usr/bin/sudo', '/usr/sbin/saslpasswd2', '-p', "$user"
    or &log_error("can't exec myprog: $!");
}
close(LOG);
 
=== Example Script 2 ===
 
The following script uses ldappasswd to change the password in an LDAP server.
 
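#!/bin/bash
# $4 = user name, $8 = old password, ${10} = new password
# The passwords are quoted so that spaces or wildcard characters survive intact.
ldappasswd -h my_ldap_server -D "uid=$4,ou=people,dc=example,dc=com" -w "$8" \
    -s "${10}" "uid=$4,ou=people,dc=example,dc=com"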
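
Example Script 2 passes both passwords as ldappasswd arguments and builds the DN from an unchecked user name. The following variant is an added example, not part of the original page or Open-Xchange code: it applies an ASCII form of the allowlist from Example Script 1 before building the DN and hands the passwords to ldappasswd through files (-y, -T). The values of LDAP_URI and BASE_DN, the function names and the "--option value" argument form are assumptions.

```bash
#!/bin/bash
# Added example: hardened variant of Example Script 2 (not Open-Xchange code).
# Assumptions: LDAP_URI/BASE_DN values and the "--option value" argument form.
set -u
LC_ALL=C; export LC_ALL
LDAP_URI='ldap://my_ldap_server'
BASE_DN='ou=people,dc=example,dc=com'

# ASCII form of Example Script 1's allowlist: letters, digits, _ . @ -
valid_username() {
  case "$1" in
    ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
  esac
}

# Build the user's DN; refuse names that could change the DN structure.
user_dn() {
  valid_username "$1" || return 1
  printf 'uid=%s,%s' "$1" "$BASE_DN"
}

# Read "--option value" pairs by name instead of by position.
parse_args() {
  USERNAME='' OLDPW='' NEWPW=''
  while [ "$#" -ge 2 ]; do
    case "$1" in
      --username)    USERNAME=$2 ;;
      --oldpassword) OLDPW=$2 ;;
      --newpassword) NEWPW=$2 ;;
    esac
    shift 2
  done
  [ -n "$USERNAME" ] && [ -n "$OLDPW" ] && [ -n "$NEWPW" ]
}

change_password() {
  parse_args "$@" || { echo 'missing parameter' >&2; return 2; }
  dn=$(user_dn "$USERNAME") || { echo 'bad username' >&2; return 3; }
  umask 077
  tmp=$(mktemp -d) || return 4
  trap 'rm -rf "$tmp"' EXIT
  # Files keep the passwords out of ldappasswd's arguments; no trailing newline.
  printf '%s' "$OLDPW" > "$tmp/old"
  printf '%s' "$NEWPW" > "$tmp/new"
  ldappasswd -x -H "$LDAP_URI" -D "$dn" -y "$tmp/old" -T "$tmp/new" "$dn"
}

# Run only when called with arguments, as the middleware does.
if [ "$#" -gt 0 ]; then change_password "$@"; fi
```

The script's exit status is that of ldappasswd, or 2, 3 or 4 when an argument is missing, the user name is rejected or the temporary directory cannot be created.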
 
=== Example Script 3 ===
 
The following script uses the arguments passed by open-xchange-passwordchange-script to change the password within LDAP.
 
#!/usr/bin/perl -w
# Begin LDAP Stuff
use strict;
use Net::LDAP;
use Net::LDAP::Extension::SetPassword;
# the script reads its values from the odd argument positions
my $cid = $ARGV[1];
my $userid = $ARGV[5];
my $oldpw = $ARGV[7];
my $hostname= 'localhost';
my $rootdn= 'cn=Administrator,dc=example,dc=com';
my $userbind= 'ou=People,dc=example,dc=com';
my $adminpasswd='system';
my $name= $ARGV[3];
my $newpasswd= $ARGV[9];
# Net::LDAP->new reports a connection failure in $@
my $ldap = Net::LDAP->new("$hostname")
    or die "Host not found: $@";
open(LOG, '>>', '/var/log/open-xchange/pw.log')
    or die "Can't open log file: $!";

sub log_error {
      my $errorstring=$_[0];
      print LOG "Error: $errorstring\n";
      die "$errorstring";
}

$name || &log_error("missing parameter username");
print LOG "changing password for $ARGV[2]: $name with $ARGV[0]: $cid and $ARGV[4]: $userid\n";
$newpasswd || &log_error("missing parameter newpassword");

# bind as the administrator and stop if the bind fails
my $bind = $ldap->bind( "$rootdn", password => "$adminpasswd" );
&log_error("bind failed: " . $bind->error()) if ( $bind->code() );
my $mesg = $ldap->set_password(
    newpasswd => "$newpasswd",
    user      => "uid=$name,$userbind"
    );

die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() );
close(LOG);

Latest revision as of 10:50, 21 April 2023

The content on this page has moved to

https://documentation.open-xchange.com/main/middleware/login_and_sessions/change_passwords_external.html

Note: Open-Xchange is in the process of migrating all its technical documentation to our documentation system (documentation.open-xchange.com). Please note as the migration takes place more information will be available on the new system and less on this system.