Re: how to generate the userpassword

Fosiul Alam <fosiul@xxxxxxxxx> · Sun, 5 Aug 2012 20:15:54 +0100

Hi
thanks its works fine. perfectly

Thanks for your help

On Sun, Aug 5, 2012 at 7:24 PM, Fosiul Alam <fosiul@xxxxxxxxx> wrote:
> Hi thanks for the script
>
> one thing i am still confused is
> suppose i want to give password "test123" as default password at time
> of user creating
> how will i create this password and will put that one in
>
> userPassword:  ???
>
>
>
> On Sun, Aug 5, 2012 at 6:29 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx> wrote:
>> Here it is. I was using it to change password on openldap + samba using
>> ldap. Samba has its own password attribute. This script takes password from
>> user, encrypt it in crypt + call smbpasswd to set password aswell.
>>
>> $ cat sambaldapnewpass
>> #!/bin/bash
>>
>> #ask user for password:
>>
>> BASEDN="dc=org1,dc=county"
>> USERDN="dc=domain1"
>> BASEDIR=/home/lol87
>>
>> #login LDAP format: uid=$LOGIN,$USERDN,$BASEDN
>>
>> if  [ -e $1 ];
>> then
>>     echo "Login"
>>     read LOGIN
>> else
>>     LOGIN=$1
>> fi
>>
>> stty -echo
>>
>> PASS=s
>> PASS2=w
>>
>> while [ $PASS != $PASS2 ];
>> do
>>     echo "new password:"
>>     read PASS
>>     echo "repeat new password:"
>>     read PASS2
>> done
>>
>> stty echo
>>
>> echo $PASS > $BASEDIR/${LOGIN}.tmp
>> chmod 400 $BASEDIR/${LOGIN}.tmp
>>
>> #generate new password for LDAP:
>>
>> LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp
>> -n)
>> echo $LDAPPASS
>> rm $BASEDIR/${LOGIN}.tmp
>>
>> cat $BASEDIR/passchange.ldif | sed ' s/LDAPLOGIN/'$LOGIN'/ ' | sed '
>> s/BASEDN/'$BASEDN'/ ' | sed ' s/USERDN/'$USERDN'/ ' >
>> $BASEDIR/passchange_tmp.ldif
>> echo  "userPassword: $LDAPPASS" >> $BASEDIR/passchange_tmp.ldif
>> ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password <
>> $BASEDIR/passchange_tmp.ldif
>>
>> #rm $BASEDIR/passchange_tmp.ldif
>>
>> and now:
>> $ cat passchange.ldif
>> dn: uid=LDAPLOGIN,USERDN,BASEDN
>> changetype: modify
>> replace: userPassword
>>
>> You may need to change:
>>
>> slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n
>>
>> paremeter of -c option defines salt. In my experience i saw many Linux
>> distros having diferent salt. Part "$6$" is required (look in man page of
>> crypt function) and "%.27s" means to generate 27chars for salt. More details
>> you may found in man page of slappasswd. Option -h tells slappasswd to use
>> format provided as parameter in this case crypt.
>>
>> I did not use it for some time soo please treat this as a template for your
>> script. I hope this will help you.
>>
>> Greg.
>>
>>
>> 2012/8/5 Fosiul Alam <fosiul@xxxxxxxxx>
>>>
>>> Hi Thanks
>>> i cant use GUI  as the script should take care everything
>>> I think it would sha1 .
>>> i will try to find a solution if i cant please post your script here
>>>
>>> it would be really helpful
>>> thanks
>>>
>>>
>>> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1100@xxxxxxxxx>
>>> wrote:
>>> > You can use gui. Just edit user account and type thre new password.
>>> > Directory server should encypt it before updating the entry in database.
>>> >
>>> > If you use slappasswd without any parameters it will ask for password
>>> > and
>>> > generate sha1 hash for you. To use crypt you need to set format to
>>> > crypt,
>>> > and set proper salt.
>>> >
>>> > I shold have on my pc example script using slappasswd i wrote it some
>>> > time
>>> > ago. I can't post it now bcause at the moment im on the bus. If no one
>>> > will
>>> > post example of using slappasswd then I will later. Unless you will find
>>> > solution first.
>>> >
>>> > Greg.
>>> >
>>> > Send from htc desire z
>>> >
>>> > 05-08-2012 15:34, "Fosiul Alam" <fosiul@xxxxxxxxx> napisał(a):
>>> >
>>> >> HI
>>> >> Thanks for reply
>>> >> I am using Directory Server 389
>>> >>
>>> >> and I am using a script to create the ldif file
>>> >>
>>> >> So some how i will  have to create userpassword ..
>>> >>
>>> >> But dont understand .. whats the way  to do that
>>> >> From GUI interface i can create password  easily
>>> >> so whats the syntax to create userpassword ??
>>> >>
>>> >> Regards
>>> >>
>>> >>
>>> >> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
>>> >> <christopher_wood@xxxxxxxxx> wrote:
>>> >> > Perhaps use slappasswd?
>>> >> >
>>> >> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
>>> >> >> Hi
>>> >> >> I am generating  the ldif by script.
>>> >> >> but i cant understand how  will i generate the userpassword.
>>> >> >>
>>> >> >> userPassword: {crypt}x
>>> >> >>
>>> >> >> how this crypt or hash working
>>> >> >>
>>> >> >> Please give me some lights on this.
>>> >> >>
>>> >> >>
>>> >> >> Regards
>>> >> >> --
>>> >> >> 389 users mailing list
>>> >> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> >> > --
>>> >> > 389 users mailing list
>>> >> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> >> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Regards
>>> >> Fosiul Alam
>>> >> 07877100621
>>> >> http://www.fosiul.co.uk
>>> >> --
>>> >> 389 users mailing list
>>> >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> >
>>> >
>>> > --
>>> > 389 users mailing list
>>> > 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>>
>>>
>>> --
>>> Regards
>>> Fosiul Alam
>>> 07877100621
>>> http://www.fosiul.co.uk
>>> --
>>> 389 users mailing list
>>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk

-- 
Regards
Fosiul Alam
07877100621
http://www.fosiul.co.uk
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users