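#!/usr/bin/perl
#
# This script looks for every LDAP object of type person that has the
# userPassword attribute set, checks whether the value has already been
# hashed, and replaces it with the output of slappasswd if not.
#
# Usage: pass the search base DN as the first command-line argument.

use strict;
use warnings;
use Net::LDAP;

my $ldapserver = "localhost";
my $binddn     = "cn=manager,o=od";

# NOTE(review): the manager bind password is hard-coded, so anyone who can
# read this file (or a copy of it in version control or backups) can bind as
# the directory manager.  Keep the file mode restrictive and prefer loading
# the secret from a root-only file or an interactive prompt.
my $bindpw = "123Soleil";

# Double quotes so that \n is a real newline (single quotes printed it
# literally and let die append the file/line suffix).
my $base = $ARGV[0] or die "gimme a valid ldap base\n";

# NOTE(review): this is a plain LDAP connection.  The bind password and the
# clear-text userPassword values read below travel over it, so if
# $ldapserver ever stops being the loopback host, switch to ldaps:// or call
# start_tls before binding.
my $ldap = Net::LDAP->new($ldapserver) or die "$@";

my $mesg = $ldap->bind( $binddn, password => $bindpw );
$mesg->code and die $mesg->error;    # check for errors

# Probe the base entry itself (scope 'base', attribute list '1.1' = return
# no attributes) to confirm the supplied base exists before searching it.
$mesg = $ldap->search(
    scope  => 'base',
    attrs  => ['1.1'],
    base   => $base,
    filter => '(objectClass=*)',
);
die $mesg->error if $mesg->code;

if ( $mesg->count() == 0 ) {
    die("Wrong base or unknown error\n");
}

# Fetch only userPassword.  The original passed 'attribute', which is not
# the search option used above ('attrs'); requesting just the one attribute
# keeps every other attribute of the entries out of this process.
$mesg = $ldap->search(
    base   => $base,
    filter => "(&(objectClass=person)(userpassword=*))",
    attrs  => ['userPassword'],
);
$mesg->code and die $mesg->error;    # check for errors
if ( $mesg->count() == 0 ) { exit(0); }

# Hash one clear-text password with slappasswd and return the hash, or
# undef when slappasswd could not be run, exited non-zero or printed nothing.
#
# The list form of open() executes slappasswd directly, without a shell, so
# shell metacharacters in a password stored in the directory cannot be
# interpreted as commands (the original interpolated the value into
# backticks).
#
# NOTE(review): the password is still passed as a command-line argument and
# is therefore visible to local users in the process list while slappasswd
# runs.  slappasswd's -T <file> option (hash the contents of a file) avoids
# that, provided the file is created with a restrictive mode.
sub _hash_with_slappasswd {
    my ($cleartext) = @_;

    my $pid = open( my $hasher, '-|', 'slappasswd', '-n', '-s', $cleartext );
    return unless $pid;

    my $hashed = do { local $/; <$hasher> };
    my $exited_cleanly = close $hasher;    # false when slappasswd failed

    return unless $exited_cleanly;
    return unless defined $hashed;
    chomp $hashed;
    return unless length $hashed;
    return $hashed;
}

ENTRY:
foreach my $entry ( $mesg->entries ) {
    my $dn           = $entry->dn();
    my $userPassword = $entry->get_value('userPassword');

    # Nothing to hash; never write an empty value back.
    next ENTRY unless defined $userPassword && length $userPassword;

    # Test for an existing hash BEFORE running slappasswd.  Any {SCHEME}
    # prefix counts, not only {SSHA}: hashing a value that is already a
    # stored hash would replace the user's password with a hash of a hash
    # and lock the account out.
    if ( $userPassword =~ /\A\{[A-Za-z0-9._-]+\}/ ) {
        print $dn . " already hashed\n";
        next ENTRY;
    }

    my $sshaPassword = _hash_with_slappasswd($userPassword);
    unless ( defined $sshaPassword ) {
        # The original wrote whatever the command printed, including an
        # empty string on failure; leave the entry untouched instead.
        warn $dn . " not updated: slappasswd failed\n";
        next ENTRY;
    }

    $entry->replace( userPassword => $sshaPassword );

    # Only report success when the server accepted the modification.
    my $result = $entry->update($ldap);
    if ( $result->code ) {
        warn $dn . " not updated: " . $result->error . "\n";
        next ENTRY;
    }

    print $dn . " updated \n";
}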