[Samba] Samba 2.2.3a+LDAP Password synch w/MD5

nate samba at aphroland.org
Thu Mar 21 20:00:03 GMT 2002


hi.

Today I started working on how I can get password synch
with LDAP and MD5 passwords.

Since I'm no scripter or programmer I saw a couple other scripts
and combined parts and added some of my own, and the result
is a script that can change a password on the command line.
I haven't yet tried it through Samba (I will tomorrow once I get back
to the office, no way to test from home).

I put the script here, as the email I'm sure will mangle it:
http://portal.aphroland.org/samba/smbpass-ldap.txt

My problems with existing scripts:
1) they used crypt password, where I am using MD5
2) they depended on a dn: uid=, and I could not get this
working, so I wrote a quick ldapsearch query to extract the
full name from the database for modifying the ldappassword.

I would really like a way to do this without putting the
admin password in the script. If there's a way to store
this password encrypted somehow that would be great.

I would have had this done hours ago but came across a bug
in OpenSSH where it segfaults when libnss-ldap is installed
and using SSL/TLS. It wasn't till about 30 mins ago that I tried
it with SSL/TLS off and it stopped segfaulting.

I'm sure there is probably a better way to do this, so any
suggestions are welcome :)

thanks!

nate

the script:
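#!/usr/bin/perl -w
my $pass;
my $pass2;
my $user = $ARGV[0];
# Accept only plain usernames, so the value is safe in the LDAP filter below.
die "usage: $0 username\n" unless defined $user && $user =~ /^[A-Za-z0-9._-]+$/;

system "stty -echo";
print "New password : ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";

system "stty -echo";
print "Retype new password : ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";

if ($pass ne $pass2) {
    print "New passwords don't match!\n";
    exit (10);
}

# List form of system: no shell is involved, so the password is passed as-is.
system "/usr/bin/smbpasswd", $user, $pass;

# Hash the password with slappasswd (run directly, not through a shell).
open(my $hash_fh, '-|', '/usr/sbin/slappasswd', '-h', '{MD5}', '-s', $pass)
    or die "slappasswd: $!\n";
$pass = <$hash_fh>;
close $hash_fh;
die "slappasswd returned no hash\n" unless defined $pass;
chomp($pass);   # drop the trailing newline before it goes into the LDIF

# Look up the user's cn, which is the first part of the entry's dn.
open(my $search_fh, '-|', '/usr/bin/ldapsearch', '-H', 'ldap://my.ldap.server:3890/',
     '-b', 'ou=People,o=linuxpowered,c=us', '-LLL', "(uid=$user)", 'cn')
    or die "ldapsearch: $!\n";
my $id;
while (<$search_fh>) {
    $id = $1 if !defined $id && /^cn: (.*)$/;
}
close $search_fh;
die "no cn found for $user\n" unless defined $id;
#print "Username: $user\n";
#print "UserID: $id\n";
#print "Password: $pass\n";
#exit 1;

# Feed the change to ldapmodify as LDIF on its standard input.
open(my $ldap, '|-', 'ldapmodify', '-D', 'cn=admin,o=linuxpowered,c=us',
     '-w', 'MY_SECRET', '-H', 'ldap://my.ldap.server:3890/')
    or die "ldapmodify: $!\n";
print $ldap <<EOF;
dn: cn=$id,ou=People,o=linuxpowered,c=us
changetype: modify
replace: userPassword
userPassword: $pass
EOF
close $ldap;
exit 0;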
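
One way to keep the admin password out of the script, as an added example that is not part of the original post or the poster's script: the bind password is read by ldapmodify from a root-only file (OpenLDAP's `-y` option, with `-x` for a simple bind), and the {MD5} value is computed in Perl so the cleartext never appears on a command line. The secret file path is a hypothetical name; the bind DN and server URI are copied from the post. The file is protected by its permissions, not by encryption.

```perl
#!/usr/bin/perl
use strict; use warnings;
use Digest::MD5 qw(md5);
use MIME::Base64 qw(encode_base64);

# Assumptions: hypothetical secret file; bind DN and URI as in the post.
my $SECRET_FILE = '/etc/samba/ldap-admin.secret';  # no trailing newline inside
my $BIND_DN     = 'cn=admin,o=linuxpowered,c=us';
my $URI         = 'ldap://my.ldap.server:3890/';

# Same form slappasswd -h {MD5} prints: "{MD5}" + base64 of the raw digest.
sub md5_userpassword {
    my ($clear) = @_;
    return '{MD5}' . encode_base64(md5($clear), '');
}

# Refuse a secret file that other local users could read or replace.
sub check_secret_file {
    my ($path) = @_;
    my @st = stat($path) or die "cannot stat $path: $!\n";
    die "$path must be owned by root\n" if $st[4] != 0;
    die "$path must not be group/world accessible\n" if $st[2] & 077;
    return 1;
}

# One LDIF line; values that are not LDIF-safe (newlines, leading space or
# colon, non-ASCII) are base64-encoded so they cannot inject extra lines.
sub ldif_line {
    my ($attr, $value) = @_;
    return "${attr}: $value\n"
        if $value =~ /\A[^\x00\n\r :<\x80-\xff][^\x00\n\r\x80-\xff]*(?<! )\z/;
    return "${attr}:: " . encode_base64($value, '') . "\n";
}

sub change_password {
    my ($dn, $clear) = @_;
    check_secret_file($SECRET_FILE);
    # List-form open runs ldapmodify directly, with no shell in between.
    open(my $ldap, '|-', 'ldapmodify', '-x', '-D', $BIND_DN,
         '-y', $SECRET_FILE, '-H', $URI) or die "ldapmodify: $!\n";
    print {$ldap} ldif_line('dn', $dn), "changetype: modify\n",
        "replace: userPassword\n", ldif_line('userPassword', md5_userpassword($clear));
    close($ldap) or die "ldapmodify failed (exit status $?)\n";
    return 1;
}

# Usage: script 'cn=Some User,ou=People,o=linuxpowered,c=us' < new-password
if (@ARGV == 1) { chomp(my $pw = <STDIN>); change_password($ARGV[0], $pw); }
```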