[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Modify Extended Operation Tool

To: openldap-technical@openldap.org
Subject: Re: Password Modify Extended Operation Tool
From: harry.jede@arcor.de
Date: Mon, 9 May 2011 22:18:47 +0200
Content-disposition: inline
Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=arcor.de; s=mail-in; t=1304972330; bh=M9iW+LzigEQkFRfBzsWcmzhn1YsIhf9crdBr5S0pLe0=; h=From:To:Subject:Date:References:In-Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Message-Id; b=bffhnftmNU4EoOs+KI/L3NQurtRYCrllfs0aq39pyKDL+8NeuPxlqbC8sNV/c53ux embv3VGrfBZlpnZEmVeOc5qVpRjTDs7aIq1DhueIXuXq/EeNZSC8AbrXXq0uS3qF5d +HTQ3ePKLTjoJTKMZ3RfYZHGxdm7WhaQQ6g6fFVo=
In-reply-to: <dacb42116394586b3b2feac70d3edc19.squirrel@webmailnew.cabm.rutgers.edu>
References: <dacb42116394586b3b2feac70d3edc19.squirrel@webmailnew.cabm.rutgers.edu>
User-agent: KMail/1.9.9

Shelley Waltz wrote:
> I searched and did not find a suitable answer, so I am
> posting.  Somehow I feel there is an answer, but it has
> eluded me.
>
> I have RHEL5 with openldap with the ppolicy module.
> I wish to have a script or web cgi which I can have
> the users access to change their password and have them
> obey the ppolicy restrictions.  I have not been able
> to find a suitable tool which  will provide feedback
> regarding their selection requirements and errors.
> If there is one, please point me in the right direction.
>
> regards
> Shelley

If you take a look at the mailing list archive, you find this mail from 
Buchan Milne. Maybe it will solve your problem:

----------  Weitergeleitete Nachricht  ----------

Betreff: Re: Invalid DN Syntax in Shell Script
Datum: Dienstag, 3. Mai 2011
Von: Buchan Milne <bgmilne@staff.telkomsa.net>
An: Inácio Alves <inacioc.alves@gmail.com>

----- Original Message -----
> Hi to all,
> 
> 
> I'm trying write a script shell to simplifies the change of pass of
> users.

You may prefer to look for some existing scripts/tools. For example, I 
have:
http://staff.telkomsa.net/~bgmilne/ldap/ldap-passwd.pl

which can work as a shell command or as a CGI. I currently use it in 
conjunction with the script:
http://staff.telkomsa.net/~bgmilne/ldap/find-ldap-expired.pl

which notifies my users by email that their passwords will expire.

Run 'perldoc xxx.pl' to see the documentation for each script.

> Then I write
> 
> 
> function verificaSenha(){
> whoAmI=`whoami`
> param=`echo "ldapsearch -x -W -D
> \"uid=$whoAmI,ou=People,dc=ifce,dc=edu,dc=br\" -b
> \"dc=ifce,dc=edu,dc=br\" \"(uid=$whoAmI)\""`
> exec `echo "$param"`
> }
> 
> 
> the line param=... produces a command line that when I write directly
> in the term it works, however in the line exec "$param" I am
> solicitated my LDAP pass (like in directly term) but when I type I get
> 
> 
> 
> ldapsearch -x -W -D "uid=inacio,ou=People,dc=ifce,dc=edu,dc=br" -b
> "dc=ifce,dc=edu,dc=br" "(uid=inacio)"
> Enter LDAP Password:
> ldap_bind: Invalid DN syntax (34)
> additional info: invalid DN

You should probably compare the logs on the LDAP server for the two 
binds, and see if they differ. I suspect a difference introduced by 
shell quoting. I wouldn't use exec, but rather just call ldapsearch 
directly.

But, then, shell quoting, handling of spaces etc. are reasons to avoid 
shell scripting for serious LDAP work.

Regards,
Buchan

-------------------------------------------------------

-- 

Harry Jede

References:
- Password Modify Extended Operation Tool
  - From: "Shelley Waltz" <shwaltz@cabm.rutgers.edu>

Prev by Date: Re: Password Modify Extended Operation Tool
Next by Date: Re: Password Modify Extended Operation Tool
Index(es):
- Chronological
- Thread