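#!/usr/bin/perl
#
# Hash every cleartext userPassword found on "person" objects under an LDAP base.
#
# Usage: hash-passwords.pl <base-dn>
#
# For each entry matching (&(objectClass=person)(userPassword=*)) below the given
# base, every userPassword value that does not already carry an RFC 2307
# "{SCHEME}" prefix is replaced by its {SSHA} hash, computed with slappasswd(8).
# Values that already carry a scheme prefix ({SSHA}, {SHA}, {CRYPT}, ...) are left
# untouched: hashing them a second time would lock the user out.
#
# The script dies (non-zero exit) on any LDAP error, on an unusable base DN, or
# when slappasswd fails; it never writes an empty or partial value to the
# directory.
use strict;
use warnings;
use Net::LDAP;

my $ldapserver = "localhost";
my $binddn     = "cn=manager,o=od";
# FIXME(security): the directory manager password is hard-coded in the script
# (and therefore in any repository/backup holding it). Move it to a root-only
# readable file or prompt for it.
my $bindpw = "123Soleil";

# Double-quoted so the newline is real and die() does not append "at ... line".
my $base = $ARGV[0] or die "gimme a valid ldap base\n";

# NOTE: plain ldap://; bind credentials travel in cleartext unless the server
# really is local or the connection is upgraded (ldaps:// / start_tls).
my $ldap = Net::LDAP->new($ldapserver) or die "$@";
my $mesg = $ldap->bind($binddn, password => $bindpw);
$mesg->code and die $mesg->error;

# Probe the base DN itself ('1.1' = return no attributes) so a typo in the base
# fails loudly instead of silently matching nothing.
$mesg = $ldap->search(
    base   => $base,
    scope  => 'base',
    attrs  => ['1.1'],
    filter => '(objectClass=*)',
);
die $mesg->error if $mesg->code;
die "Wrong base or unknown error\n" if $mesg->count() == 0;

# Fetch only the attribute we rewrite. The original passed "attribute =>",
# which Net::LDAP ignores; the option is "attrs".
$mesg = $ldap->search(
    base   => $base,
    filter => "(&(objectClass=person)(userpassword=*))",
    attrs  => ['userPassword'],
);
$mesg->code and die $mesg->error;
exit(0) if $mesg->count() == 0;

foreach my $entry ($mesg->entries) {
    my $dn = $entry->dn();

    # userPassword may be multi-valued; take every value so replace() does not
    # silently drop the ones we did not look at.
    my @values = $entry->get_value('userPassword');

    # Decide before spawning anything: nothing to do if every value is hashed.
    my @cleartext = grep { !is_hashed($_) } @values;
    if (!@cleartext) {
        print "$dn already hashed\n";
        next;
    }

    # Hash only the cleartext values; keep already-hashed ones byte-for-byte.
    my @new_values = map { is_hashed($_) ? $_ : ssha_hash($_) } @values;

    $entry->replace(userPassword => \@new_values);
    my $res = $entry->update($ldap);
    $res->code and die "$dn: " . $res->error;
    print "$dn updated \n";
}

$ldap->unbind;
exit(0);

# True when the value already carries an RFC 2307 "{SCHEME}" prefix, e.g.
# {SSHA}, {SHA}, {CRYPT}, {MD5}. Such values must not be hashed again.
sub is_hashed {
    my ($value) = @_;
    return defined $value && $value =~ /\A\{[A-Za-z0-9.-]+\}/;
}

# Return the {SSHA} hash of $cleartext as produced by slappasswd(8) (-n: no
# trailing newline; -h: pin the scheme instead of relying on the build default).
#
# The command is run with the list form of open (no shell), so a password
# containing shell metacharacters cannot inject commands the way the previous
# backtick interpolation allowed. The cleartext is still visible to other local
# users in the process list while slappasswd runs; slappasswd's -T <file> option
# would avoid that at the cost of a temporary file.
#
# Dies if slappasswd cannot be started, exits non-zero, or prints something that
# is not a {SSHA} value, so an empty string is never written back to LDAP.
sub ssha_hash {
    my ($cleartext) = @_;
    open(my $fh, '-|', 'slappasswd', '-n', '-h', '{SSHA}', '-s', $cleartext)
        or die "cannot run slappasswd: $!";
    my $hash = do { local $/; <$fh> };
    close($fh) or die "slappasswd failed (exit status " . ($? >> 8) . ")\n";
    die "slappasswd returned an unexpected value\n"
        unless defined $hash && $hash =~ /\A\{SSHA\}\S+\z/;
    return $hash;
}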