#!/usr/bin/perl # # # updatepw.pl - Synchronize Passwords from Unix to LDAP # Author: Clayton Donley, Motorola, # # Reads in a password file, checks for existing entries matching # username@domain.com in the mail attribute and populates the CRYPTed # password from Unix into the userPassword attribute for that DN. # # Usage: updatepw.pl username username ... username # Example: updatepw.pl "donley" # use Net::LDAPapi; # Define these values $ldap_server = "localhost"; $PWFILE = "/etc/passwd"; $BASEDN = "o=Org, c=US"; $ROOTDN = "cn=Directory Manager, o=Org, c=US"; $ROOTPW = "abc123"; $MAILATTR = "mail"; $MYDOMAIN = "mycompany.com"; open(PASSWD,$PWFILE); while($line = ) { chop $line; ($user,$pass) = split(/:/,$line); $pwuser{$user} = $pass; } close(PASSWD); # Initialize Connection to LDAP Server if (($ld = new Net::LDAPapi($ldap_server)) == -1) { die "Cannot Open Connection to Server!"; } # Bind as the ROOT DIRECTORY USER to LDAP connection $ld if ($ld->bind_s($ROOTDN,$ROOTPW) != LDAP_SUCCESS) { die $ld->errstring; } # Specify what to Search For foreach $username (@ARGV) { # Perform Search $filter = "($MAILATTR=$username\@$MYDOMAIN)"; if ($ld->search_s($BASEDN,LDAP_SCOPE_SUBTREE,$filter,["uid","userpassword","mail"],0) != LDAP_SUCCESS) { $ld->unbind; die $ld->errstring; } # Here we get a HASH of HASHes... All entries, keyed by DN and ATTRIBUTE. # # Since a reference is returned, we simply make %record contain the HASH # that the reference points to. if ($ld->first_entry == 0) { print "Not Found: $username\@$MYDOMAIN\n"; } else { $dn = $ld->get_dn; @pass = $ld->get_values('userpassword'); if ($pass[0] ne "{CRYPT}$pwuser{$username}") { $modifyrec{"userpassword"} = [ "{CRYPT}$pwuser{$username}" ]; if ($ld->modify_s($dn,\%modifyrec) != LDAP_SUCCESS) { print "Error: $dn Unsuccessful.\n"; print "modify_s: $ld->errstring\n"; } print "Updated: $username\@$MYDOMAIN\n"; } else { print "Matched: $username\@$MYDOMAIN\n"; } } } $ld->unbind; exit;