SHIFT

--- Sjoerd Hooft's InFormation Technology ---

Differences

This shows you the differences between two versions of the page.

sunldappasswordreset [2013/04/21 10:27] (current)
sjoerd created
Line 1: Line 1:
 += Change Passwords Users in SUN LDAP Server =
 +
 +For the convenience of client support a script has been created to easily change the password of users. Simply follow these steps to change the password of an user:
 +# Log on to solarisbox as clsupport
 +# The change password script is automatically started
 +# Fill in the username of the user you need to change the password for
 +# The new password is shown, email the user the new password.
 +
 +> Note: Never tell the user the password, always email it to prevent "​social password hacking"​
 +
 += Change the Password Multiple Times a Day =
 +Because of the password policy it's not allowed to change the password to a password that has been used before. Which means, with the script you can't reset the password twice on one day. The solution is to contact a Sysadmin who can
 +
 +# Kick the script with the new password as commandline option
 +## root@solarisbox:#​ /​home/​clsupport/​bin/​chpasswd TESTww11
 +
 +> Note that the script has to be run as root or might get error messages regarding access of the .prd file (where the password is located for the simple bind). ​
 +
 += The Script =
 +
 +<code bash>
 +#​!/​usr/​bin/​bash
 +# Generate a password
 +
 +if [ "​$1"​ ]
 +then
 +        NPWD="​$1"​
 +else
 +        NPWD=$(date +%a%d%h)
 +fi
 +
 +clear
 +
 +cd bin
 +
 +tput bold
 +tput smul
 +echo "<​company>​ Client Support Change User Password"​
 +tput rmul
 +tput rmso
 +echo
 +echo -n "​Username:​ "
 +read USERNAME
 +FULLNAME=$(getent passwd $USERNAME | cut -d: -f5)
 +
 +if [ ! "​$FULLNAME"​ ]
 +then
 +        echo "User \"​$USERNAME\"​ unknown"​
 +        exit
 +else
 +        echo "dn: uid=$USERNAME,​ou=people,​dc=prd,​dc=domain"​ >/​tmp/​newpwd.ldif
 +        echo "​changetype:​ modify"​ >>/​tmp/​newpwd.ldif
 +        echo "​replace:​ userPassword"​ >>/​tmp/​newpwd.ldif
 +        echo "​userPassword:​ $NPWD" >>/​tmp/​newpwd.ldif
 +        echo "​Changing password for \"​$FULLNAME\""​
 +        echo
 +        ldapmodify -h ldaphgost02 -f /​tmp/​newpwd.ldif -D "​cn=Directory Manager"​ -j .pwd >/​dev/​null
 +        rm /​tmp/​newpwd.ldif
 +fi
 +
 +echo
 +echo "​Password is reset to $NPWD"
 +echo "​Finished,​ press <​Enter>​ to exit"
 +echo
 +read dummy
 +exit
 +</​code>​
 +
 +{{tag>​solaris ldap ldif security scripts}}
  
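Review bot: the else branch writes the new cleartext password to the fixed path /tmp/newpwd.ldif, and the page says the script is run as root for repeat resets. A predictable file name in a shared temporary directory, created with whatever umask is in effect, can be pre-created or symlinked by another local user and may leave the password readable until the rm runs; create the file with mktemp under umask 077, or feed the LDIF to ldapmodify on standard input and drop the temporary file altogether. Other points in the same hunk: the default NPWD=$(date +%a%d%h) is identical for every account reset on a given day and can be derived from the date alone, so it should come from a random source; a password passed as $1 is visible in the process list while the script runs; $USERNAME is used unquoted in the getent call and is placed in the dn: line without validation; the output of ldapmodify goes to /dev/null and its exit status is never tested, so "Password is reset to" is printed even when the modify failed; and the note above the script refers to a .prd file while the script reads -j .pwd.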
sunldappasswordreset.txt · Last modified: 2013/04/21 10:27 by sjoerd