Here it is. I was using it to change passwords on OpenLDAP + Samba using LDAP. Samba has its own password attribute. This script takes a password from the user, encrypts it with crypt and calls smbpasswd to set the password as well.

$ cat sambaldapnewpass

    #!/bin/bash
    BASEDN="dc=org1,dc=county"
    USERDN="dc=domain1"
    BASEDIR=/home/lol87
    # files created below hold the password or its hash: keep them owner-only
    umask 077

    # login, LDAP format: uid=$LOGIN,$USERDN,$BASEDN
    if [ -z "$1" ]; then
        echo "Login"
        read -r LOGIN
    else
        LOGIN=$1
    fi

    # ask user for password (twice, until both entries match), without echo
    trap 'stty echo' EXIT    # restore terminal echo even if interrupted
    stty -echo
    PASS=s
    PASS2=w
    while [ "$PASS" != "$PASS2" ]; do
        echo "new password:"
        read -r PASS
        echo "repeat new password:"
        read -r PASS2
    done
    stty echo

    # slappasswd -T hashes the whole file, so write the password without a
    # trailing newline
    printf '%s' "$PASS" > "$BASEDIR/${LOGIN}.tmp"
    chmod 400 "$BASEDIR/${LOGIN}.tmp"

    # generate new password for LDAP:
    LDAPPASS=$(slappasswd -n -h '{crypt}' -c '$6$%.27s' -T "$BASEDIR/${LOGIN}.tmp")
    echo "$LDAPPASS"
    rm -f "$BASEDIR/${LOGIN}.tmp"

    # fill in the template, then append the new hash
    sed -e "s/LDAPLOGIN/$LOGIN/" -e "s/BASEDN/$BASEDN/" -e "s/USERDN/$USERDN/" \
        "$BASEDIR/passchange.ldif" > "$BASEDIR/passchange_tmp.ldif"
    printf 'userPassword: %s\n' "$LDAPPASS" >> "$BASEDIR/passchange_tmp.ldif"

    # -w exposes the bind password in the process list; -W (prompt) or -y <file> avoids that
    ldapmodify -x -D "cn=admin,dc=domain1,dc=org1,dc=county" -w some_password < "$BASEDIR/passchange_tmp.ldif"
    #rm $BASEDIR/passchange_tmp.ldif

and now:

$ cat passchange.ldif

    dn: uid=LDAPLOGIN,USERDN,BASEDN
    changetype: modify
    replace: userPassword

You may need to change:

    slappasswd -n -h '{crypt}' -c '$6$%.27s' -T $BASEDIR/${LOGIN}.tmp -n

The parameter of the -c option defines the salt. In my experience I saw many Linux distros having different salts. The part "$6$" is required (look in the man page of the crypt function) and "%.27s" means to generate 27 chars for the salt. More details you may find in the man page of slappasswd. Option -h tells slappasswd to use the format provided as parameter, in this case crypt.

I did not use it for some time, so please treat this as a template for your script.

I hope this will help you.

Greg.

2012/8/5 Fosiul Alam <fos...@gmail.com>

> Hi, thanks.
> I can't use the GUI as the script should take care of everything.
> I think it would be sha1.
> I will try to find a solution; if I can't, please post your script here.
>
> It would be really helpful.
> Thanks
>
>
> On Sun, Aug 5, 2012 at 3:49 PM, Grzegorz Dwornicki <gd1...@gmail.com>
> wrote:
> > You can use the GUI. Just edit the user account and type the new password.
> > Directory server should encrypt it before updating the entry in the database.
> >
> > If you use slappasswd without any parameters it will ask for a password and
> > generate a sha1 hash for you. To use crypt you need to set the format to crypt,
> > and set a proper salt.
> >
> > I should have on my PC an example script using slappasswd; I wrote it some time
> > ago. I can't post it now because at the moment I'm on the bus. If no one will
> > post an example of using slappasswd then I will later. Unless you will find
> > a solution first.
> >
> > Greg.
> >
> > Sent from htc desire z
> >
> > 05-08-2012 15:34, "Fosiul Alam" <fos...@gmail.com> wrote:
> >
> >> Hi
> >> Thanks for the reply
> >> I am using Directory Server 389
> >>
> >> and I am using a script to create the ldif file
> >>
> >> So somehow I will have to create userpassword ..
> >>
> >> But I don't understand .. what's the way to do that
> >> From the GUI interface I can create a password easily
> >> so what's the syntax to create userpassword ??
> >>
> >> Regards
> >>
> >>
> >> On Sun, Aug 5, 2012 at 2:25 PM, Christopher Wood
> >> <christopher_w...@pobox.com> wrote:
> >> > Perhaps use slappasswd?
> >> >
> >> > On Sun, Aug 05, 2012 at 01:58:33PM +0100, Fosiul Alam wrote:
> >> >> Hi
> >> >> I am generating the ldif by script.
> >> >> But I can't understand how I will generate the userpassword.
> >> >>
> >> >> userPassword: {crypt}x
> >> >>
> >> >> How is this crypt or hash working?
> >> >>
> >> >> Please give me some light on this.
> >> >>
> >> >>
> >> >> Regards
> >> >> --
> >> >> 389 users mailing list
> >> >> 389-users@lists.fedoraproject.org
> >> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >>
> >> --
> >> Regards
> >> Fosiul Alam
> >> 07877100621
> >> http://www.fosiul.co.uk
>
> --
> Regards
> Fosiul Alam
> 07877100621
> http://www.fosiul.co.uk