Sick of using ldappasswd to reset a user's password?

Stick this in your cgi-bin dir and you'll never type it again!

Main Script

#!/usr/bin/perl
###########################################
#                                         #
# Gavin Henry                             #
# 0.1 - 26.08.05                          #
# 0.2 - 05.01.06                          #
#                                         #
# Web page to Change Samba LDAP Passwords #
#                                         #
# Licence: GPL                            #
#                                         #
# See /etc/changepass.conf for settings   #
#                                         #
# TODO: Start_TLS/LDAPS                   #
#                                         #
###########################################
use strict;

# Create a config and open configuration file
use Config::Tiny;
my $Config = Config::Tiny->new();
$Config = Config::Tiny->read('/etc/changepass.conf')
  or die "Cannot open config file $!";

# HTML Settings
my $title   = $Config->{html}->{title};
my $heading = $Config->{html}->{heading};
my $css     = $Config->{html}->{css};

# LDAP Settings
my $passlength = $Config->{ldap}->{passlength};
my $hostname   = $Config->{ldap}->{hostname};
my $adminbind  = $Config->{ldap}->{rootdn};
my $userbind   = $Config->{ldap}->{userbind};

# Create form etc.
use CGI qw/:standard/;
print header,
  start_html( -title => "$title", -style => { -src => "$css" } ),
  h1("$heading"),
  start_form,
  br, "Username to change:", textfield( -name => 'name', ),
  br, "Admin Password:",
  password_field( -name => 'adminpasswd', -size => 15, -maxlength => 15, ),
  br, "New Password:",
  password_field( -name => 'newpasswd', -size => 15, -maxlength => 15 ),
  br, "Verify Password:",
  password_field( -name => 'verify_passwd', -size => 15, -maxlength => 15 ),
  br, submit, end_form, hr;

# Begin tests
if ( param() ) {
    my $name          = param('name');
    my $adminpasswd   = param('adminpasswd');
    my $newpasswd     = param('newpasswd');
    my $verify_passwd = param('verify_passwd');

    # Each branch prints its message followed by a horizontal rule.
    if ( $name eq '' ) {
        print "Must have a username!!\n", hr;
    }
    elsif ( $newpasswd eq '' ) {
        print "Must have a new password!\n", hr;
    }
    elsif ( $adminpasswd eq '' ) {
        print "Must have the Admin password!\n", hr;
    }
    elsif ( length($newpasswd) < $passlength ) {
        print "The password must be more than or equal to $passlength characters, but no more than 15.\n", hr;
    }
    elsif ( $newpasswd ne $verify_passwd ) {
        print "Sorry, the passwords do not match!\n", hr;
    }
    elsif ( $newpasswd eq $verify_passwd ) {
        print "Changing password now.....", p, hr;

        # Begin LDAP Stuff
        use Net::LDAP;
        use Net::LDAP::Extension::SetPassword;

        my $ldap = Net::LDAP->new("$hostname") or die "Host not found: $!";

        # Bind as the admin DN and stop if the bind is rejected, so a wrong
        # admin password never falls through to an anonymous password change.
        my $mesg = $ldap->bind( "$adminbind", password => "$adminpasswd" );
        die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() );

        # Carry on with changing passwords here
        print hr;
        $mesg = $ldap->set_password(
            newpasswd => "$newpasswd",
            user      => "uid=$name,$userbind"
        );
        die "error: ", $mesg->code(), ": ", $mesg->error() if ( $mesg->code() );

        print "Password changed.", p, hr;
    }
    else {
        print "Situation unexpected, please contact Gavin!\n";
    }
}

__END__

=head1 NAME

changepass - a perl cgi script for changing LDAP Passwords

=head1 SYNOPSIS

Install Net::LDAP and Net::LDAP::Extension::SetPassword and stick in
cgi-bin, after editing /etc/changepass.conf

=head1 DESCRIPTION

Changing passwords stored in an OpenLDAP directory via ldappasswd is a
pain, so I created this simple page.

=head1 SEE ALSO

Net::LDAP, Net::LDAP::Extension::SetPassword

=head1 VERSION

This man page documents changepass version 0.1

=head1 CREDITS

The people who have worked on Net::LDAP and CGI

=head1 AUTHOR

    Gavin Henry
    email: ghenry at perl dot me dot uk
    web  : http://www.perl.me.uk
    PM   : http://aberdeen.pm.org

=head1 COPYRIGHT

Copyright (c) 2005 by Gavin Henry

=head1 LICENSE

This package is free software; you can redistribute it and/or modify it
under the terms of the "GNU General Public License".

Please refer to the file "COPYING" for details.

=head1 DISCLAIMER

This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

See the "GNU General Public License" for more details.

Config file

###########################################
#                                         #
# Gavin Henry 25.08.05                    #
#                                         #
# Web page to Change Samba LDAP Passwords #
#                                         #
# Licence: GPL                            #
#                                         #
# /etc/changepass.conf for settings       #
#                                         #
###########################################

# Tips:
#
# Don't put any spaces either side of the equals
# sign.
#
# Well you can really in front of it, but
# not after it ;-)

# Set a few html things
[html]
title=Change Password
heading=Change Password
css=/passwd.css

# ldap stuff
[ldap]
passlength=6
hostname=ldap.yourhost.org
rootdn=cn=Manager,dc=yourhost,dc=org
userbind=ou=People,dc=yourhost,dc=org

I hope this helps someone out.

Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a yourname@perl.me.uk? Just ask!!!
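
The script above builds the target DN straight from the "name" form field and lists Start_TLS as a TODO. The following is an added example, not part of the original post, showing one way to validate and escape the username and to require StartTLS before the admin bind. The account-name pattern, the `cafile` setting and the sub names are assumptions.

```perl
#!/usr/bin/perl
# Added example, not part of the original script.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);
use Net::LDAP::Extension::SetPassword;

# Turn the untrusted "name" form field into a DN under $base.
# The allow-list pattern is an assumed account-name policy.
sub user_dn {
    my ($name, $base) = @_;
    return unless defined $name
        && $name =~ /\A[A-Za-z_][A-Za-z0-9_.-]{0,31}\z/;
    # Escaping is defence in depth should the pattern ever be relaxed.
    return 'uid=' . escape_dn_value($name) . ",$base";
}

# Returns undef on success or an error string. The %arg keys mirror the
# script's settings; "cafile" is a hypothetical extra setting.
sub change_password {
    my (%arg) = @_;
    my $dn = user_dn($arg{name}, $arg{userbind})
        or return 'invalid username';

    my $ldap = Net::LDAP->new($arg{hostname})
        or return "connect failed: $@";

    # Upgrade to TLS and verify the server certificate before any
    # password crosses the wire.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $arg{cafile});
    return 'StartTLS failed: ' . $mesg->error if $mesg->code;

    # Stop here on a bad admin password.
    $mesg = $ldap->bind($arg{rootdn}, password => $arg{adminpasswd});
    return 'bind failed: ' . $mesg->error if $mesg->code;

    $mesg = $ldap->set_password(user => $dn, newpasswd => $arg{newpasswd});
    $ldap->unbind;
    return $mesg->code ? 'change failed: ' . $mesg->error : undef;
}

# Constructed inputs: only the first is accepted.
for my $name ('jsmith', 'x,ou=Admins', 'a+cn=b') {
    my $dn = user_dn($name, 'ou=People,dc=yourhost,dc=org');
    printf "%-12s => %s\n", $name, defined $dn ? $dn : 'rejected';
}
```

The loop at the end needs no directory server; `change_password` needs a server that offers StartTLS and a CA file that can verify its certificate.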

Re: Change your LDAP password
by calin (Deacon) on Sep 01, 2005 at 22:43 UTC

    You're writing in the code header:

    <SNIP> # Web page to Change Samba LDAP Passwords # <SNIP>

    Question: does Net::LDAP::Extension::SetPassword really change the Samba NT and LM password-equivalent hashes (the sambaLMPassword and sambaNTPassword attributes)? My impression is that it only changes the LDAP entry password via EXOP on supporting servers (OpenLDAP is known to work).

    I'm writing this because I wrote a similar tool a while ago, and I remember I had to set the hashes separately with the output from the "mkntpwd" utility.
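
An added example (not code from either poster) of setting the Samba attributes separately after the password EXOP, as the comment above describes. It assumes the Crypt::SmbHash module in place of the "mkntpwd" utility, an entry that carries the sambaSamAccount object class, and an already bound `$ldap` connection. Removing the weak LM hash instead of regenerating it is a choice made in this example.

```perl
# Added example, not part of the original thread.
use strict;
use warnings;
use Net::LDAP;
use Crypt::SmbHash qw(nthash);

# Build the attribute changes for one Samba account.
# $now is optional and defaults to the current time.
sub samba_changes {
    my ($password, $now) = @_;
    return [
        # NT hash: hex MD4 of the UTF-16LE password.
        replace => [ sambaNTPassword => nthash($password) ],
        # Samba reads this timestamp for password-age policy.
        replace => [ sambaPwdLastSet => defined $now ? $now : time ],
        # An empty replace removes the LM hash if present and is a
        # no-op if the attribute is absent.
        replace => [ sambaLMPassword => [] ],
    ];
}

# Apply the changes over an already bound connection.
# Returns undef on success or an error string.
sub sync_samba_hashes {
    my ($ldap, $dn, $password) = @_;
    my $mesg = $ldap->modify($dn, changes => samba_changes($password));
    return $mesg->code ? 'samba update failed: ' . $mesg->error : undef;
}
```

Call `sync_samba_hashes` right after a successful `set_password` on the same connection so the LDAP password and the Samba hash do not drift apart.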

      Thanks for sharing this, I use this to change LDAP passwords and it works perfectly. Question: not sure what $admin holds? my $admin = param('admin');

        That was for a checkbox to say whether the user was the admin or not. It should be removed.

        Updating code now.

        Walking the road to enlightenment... I found a penguin and a camel on the way.....
        Fancy a yourname@perl.me.uk? Just ask!!!

      Good point. I forgot about those parts.

      I'll need to add that. Cheers.

      Walking the road to enlightenment... I found a penguin and a camel on the way.....
      Fancy a yourname@perl.me.uk? Just ask!!!