Re: how to generate the userpassword

Fosiul Alam <fosiul@xxxxxxxxx> · Sun, 5 Aug 2012 19:24:23 +0100



Hi thanks for the script

one thing i am still confused is
suppose i want to give password "test123" as default password at time
of user creating
how will i create this password and will put that one in

userPassword:  ???


On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx> wrote:
> Here it is. I was using it to change password on openldap + samba using
> ldap. Samba has its own password attribute. This script takes password from
> user, encrypt it in crypt + call smbpasswd to set password aswell.
>
> $ cat sambaldapnewpass
> #!/bin/bash
>
> #ask user for password:
>
> BASEDN="dc=org1,dc=county"
> USERDN="dc=domain1"
> BASEDIR=/home/lol87
>
> #login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
>
> if  [ -e $1 ];
> then
>     echo "Login"
>     read LOGIN
> else
>     LOGIN=$1
> fi
>
> stty -echo
>
> PASS=s
> PASS2=w
>
> while [ $PASS != $PASS2 ];
> do
>     echo "new password:"
>     read PASS
>     echo "repeat new password:"
>     read PASS2
> done
>
> stty echo
>
> echo $PASS > $BASEDIR/${LOGIN}.tmp
> chmod 400 $BASEDIR/${LOGIN}.tmp
>
> #generate new password for LDAP:
>
> LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp
> -n)
> echo $LDAPPASS
> rm $BASEDIR/${LOGIN}.tmp
>
> cat $BASEDIR/passchange.ldif | sed ' s/LDAPLOGIN/'$LOGIN'/ ' | sed '
> s/BASEDN/'$BASEDN'/ ' | sed ' s/USERDN/'$USERDN'/ ' >
> $BASEDIR/passchange_tmp.ldif
> echo  "userPassword: $LDAPPASS" >> $BASEDIR/passchange_tmp.ldif
> ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password <
> $BASEDIR/passchange_tmp.ldif
>
> #rm $BASEDIR/passchange_tmp.ldif
>
> and now:
> $ cat passchange.ldif
> dn: uid=LDAPLOGIN,USERDN,BASEDN
> changetype: modify
> replace: userPassword
>
> You may need to change:
>
> slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
>
> paremeter of -c option defines salt. In my experience i saw many Linux
> distros having diferent salt. Part "$6$" is required (look in man page of
> crypt function) and "%.27s" means to generate 27chars for salt. More details
> you may found in man page of slappasswd. Option -h tells slappasswd to use
> format provided as parameter in this case crypt.
>
> I did not use it for some time soo please treat this as a template for your
> script. I hope this will help you.
>
> Greg.
>
>
> 2012/8/5 Fosiul Alam <fosiul@xxxxxxxxx>
>>
>> Hi Thanks
>> i cant use GUI  as the script should take care everything
>> I think it would sha1 .
>> i will try to find a solution if i cant please post your script here
>>
>> it would be really helpful
>> thanks
>>
>>
>> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx>
>> wrote:
>> > You can use gui. Just edit user account and type thre new password.
>> > Directory server should encypt it before updating the entry in database.
>> >
>> > If you use slappasswd without any parameters it will ask for password
>> > and
>> > generate sha1 hash for you. To use crypt you need to set format to
>> > crypt,
>> > and set proper salt.
>> >
>> > I shold have on my pc example script using slappasswd i wrote it some
>> > time
>> > ago. I can't post it now bcause at the moment im on the bus. If no one
>> > will
>> > post example of using slappasswd then I will later. Unless you will find
>> > solution first.
>> >
>> > Greg.
>> >
>> > Send from htc desire z
>> >
>> > 05-08-2012 15:34, "Fosiul Alam" <fosiul@xxxxxxxxx> napisał(a):
>> >
>> >> HI
>> >> Thanks for reply
>> >> I am using Directory Server 389
>> >>
>> >> and I am using a script to create the ldif file
>> >>
>> >> So some how i will  have to create userpassword ..
>> >>
>> >> But dont understand .. whats the way  to do that
>> >> From GUI interface i can create password  easily
>> >> so whats the syntax to create userpassword ??
>> >>
>> >> Regards
>> >>
>> >>
>> >> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>> >> <christopher_wood@xxxxxxxxx> wrote:
>> >> > Perhaps use slappasswd?
>> >> >
>> >> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>> >> >> Hi
>> >> >> I am generating  the ldif by script.
>> >> >> but i cant understand how  will i generate the userpassword.
>> >> >>
>> >> >> userPassword: {crypt}x
>> >> >>
>> >> >> how this crypt or hash working
>> >> >>
>> >> >> Please give me some lights on this.
>> >> >>
>> >> >>
>> >> >> Regards
>> >> >> --
>> >> >> 389 users mailing list
>> >> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >> > --
>> >> > 389 users mailing list
>> >> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> >> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >>
>> >>
>> >>
>> >> --
>> >> Regards
>> >> Fosiul Alam
>> >> 07877100621
>> >> http://www.fosiul.co.uk
>> >> --
>> >> 389 users mailing list
>> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>> > --
>> > 389 users mailing list
>> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> Regards
>> Fosiul Alam
>> 07877100621
>> http://www.fosiul.co.uk
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users


-- 
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users