43 lines
1.1 KiB
Perl
43 lines
1.1 KiB
Perl
#/usr/bin/perl
|
|
#
|
|
# This script will look for any ldap object of type person, with attribute
|
|
# userPassword set, check wether it's already been hashed and hash it if not
|
|
|
|
use strict;
|
|
use Net::LDAP;
|
|
|
|
my $ldapserver = "localhost";
|
|
my $binddn = "cn=manager,o=od";
|
|
my $bindpw = "123Soleil" ;
|
|
my $base = 'ou=peopleEnt,o=od' ;
|
|
|
|
my $ldap = Net::LDAP->new( $ldapserver ) or die "$@" ;
|
|
|
|
my $mesg = $ldap->bind( $binddn,
|
|
password => $bindpw
|
|
);
|
|
|
|
$mesg->code and die $mesg->error; # check for errors
|
|
|
|
$mesg = $ldap->search(
|
|
base=> $base,
|
|
filter=>"(&(objectClass=person)(userpassword=*))",
|
|
attribute=>"userPassword",
|
|
);
|
|
$mesg->code and die $mesg->error; # check for errors
|
|
if( $mesg-> count() == 0 ) { exit(0) ; }
|
|
|
|
foreach my $entry ( $mesg-> entries ){
|
|
my $userPassword = $entry->get_value('userPassword') ;
|
|
my $sshaPassword = `slappasswd -n -s $userPassword` ;
|
|
if( $userPassword =~ /^{SSHA/ ) {
|
|
print $entry->dn() . " already hashed\n" ;
|
|
next ; }
|
|
$entry -> replace (
|
|
userPassword => $sshaPassword,
|
|
);
|
|
$entry-> update($ldap) ;
|
|
print $entry->dn() . " updated \n" ;
|
|
}
|
|
|