Last active
August 29, 2015 14:06
-
-
Save ilyaevseev/3a77685738af906ff113 to your computer and use it in GitHub Desktop.
Change LDAP passwords via simple Web-based form. Rewritten from PHP to Perl, tested with 389-DS.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| use strict; | |
| use warnings; | |
| use CGI; | |
| my $cgi = new CGI; | |
| my $textTitle = 'Change LDAP password'; | |
| my $textHeader = 'Change your LDAP password'; | |
| my $msgEnterLogin = 'Login'; | |
| my $msgEnterCurrentPassword = 'Current password'; | |
| my $msgEnterNewPassword = 'New password'; | |
| my $msgRepeatNewPassword = 'Repeat new password'; | |
| my $msgNewPasswordMismatch = 'Passwords did not match. Please try again.'; | |
| my $msgNewPasswordUnchanged = 'Old and new passwords are equal. Please try again.'; | |
| my $msgPasswordChanged = 'Password is successfully changed!'; | |
| my $msgOk = 'Congratulations!'; | |
| my $msgError = 'Error'; | |
| sub get_param($;$) { | |
| return '' if $_[1] and $cgi->request_method ne $_[1]; | |
| my $val = $cgi->param($_[0]); | |
| return '' unless defined $val; | |
| $val =~ s/\'/\\'/g; | |
| $val; | |
| } | |
| my $userLogin = get_param('login'); | |
| my $currentPassword = get_param('currentPassword' , 'POST'); | |
| my $newPassword = get_param('newPassword' , 'POST'); | |
| my $repeatNewPassword = get_param('repeatNewPassword', 'POST'); | |
| my $ldapPasswd = '/usr/bin/ldappasswd'; | |
| my $ldapFullUsername = "uid=$userLogin,ou=People,dc=myoffice,dc=net"; | |
| my $ldapURI = 'ldaps://ldap.myoffice.net'; | |
| ## | |
| ## NOTE! ldaps requires "TLS_CACERT /path/to/slapd-ca.crt" | |
| ## in /etc/ldap/ldap.conf or ~/ldaprc or ~/.ldaprc or ./ldaprc | |
| ## | |
| print << "HEADER"; | |
| Content-type: text/html | |
| <html> | |
| <head> | |
| <title>$textTitle</title> | |
| </head> | |
| <body> | |
| <center><h2>$textHeader</h2></center> | |
| HEADER | |
| sub put_box { | |
| my ($title, $titleForeColor, $titleBackColor, $msgForeColor, $msgBackColor, @msg) = @_; | |
| my $msg = join('<br/>', @msg); | |
| print " | |
| <table border='0' cellpadding='10' align='center' bgcolor='$titleBackColor'> | |
| <tr><th align='left' valign='center' bgcolor='$titleBackColor'><font color='$titleForeColor'><big>$title</big></font></th></tr> | |
| <tr><td align='left' valign='center' bgcolor='$msgBackColor' ><font color='$msgForeColor' >$msg</font></td></tr> | |
| </table> | |
| "; | |
| } | |
| sub ok_box { put_box($msgOk, 'White', 'Blue', 'Green', 'Wheat', @_) } | |
| sub error_box { put_box($msgError, 'Yellow', 'Red', 'Red', 'Wheat', @_) } | |
| sub put_line { | |
| my ($title, $type, $name, $value) = @_; | |
| print " | |
| <tr> | |
| <td align='right'>$title:</td> | |
| <td align='left'><input type='$type' name='$name' value='$value' maxlength='255'/></td> | |
| </tr>"; | |
| } | |
| my $runForm = 1; | |
| if ($userLogin && $currentPassword && $newPassword && $repeatNewPassword) { | |
| if ($newPassword ne $repeatNewPassword) { | |
| error_box($msgNewPasswordMismatch); | |
| } elsif ($newPassword eq $currentPassword) { | |
| error_box($msgNewPasswordUnchanged); | |
| } else { | |
| my $ldapCommand = "$ldapPasswd -v -x -D '$ldapFullUsername'" | |
| .($ldapURI ? " -H '$ldapURI'" : "") | |
| ." -s '$newPassword' -w '$currentPassword'"; | |
| my $ldapOutput = `$ldapCommand 2>&1`; | |
| my $ldapResult = $? >> 8; | |
| if ($ldapResult == 0) { | |
| ok_box($msgPasswordChanged); | |
| $runForm = 0; | |
| } else { | |
| error_box($ldapOutput); | |
| } | |
| } | |
| } | |
| if ($runForm) { | |
| print " | |
| <form action='' method='POST'> | |
| <p> | |
| <table align='center' border='0' cellpadding='4'> | |
| "; | |
| put_line($msgEnterLogin, 'text', 'login', $userLogin); | |
| put_line($msgEnterCurrentPassword, 'password', 'currentPassword', $currentPassword); | |
| put_line($msgEnterNewPassword, 'password', 'newPassword', $newPassword); | |
| put_line($msgRepeatNewPassword, 'password', 'repeatNewPassword', $repeatNewPassword); | |
| print << "TABLE_FOOTER"; | |
| <tr><td colspan='2' align='center' valign='bottom'> | |
| <br/> | |
| <input type='submit'/> | |
| <input type='reset' /> | |
| </td></tr> | |
| </table> | |
| </p> | |
| TABLE_FOOTER | |
| } # ..if(runForm) | |
| print << "FOOTER"; | |
| <p align='right'> | |
| <small> | |
| <a href='https://gist.github.com/ilyaevseev/' | |
| >Powered by web-frontend for LDAP password ver.0.3</a> | |
| </small> | |
| </p> | |
| </form> | |
| </body> | |
| </html> | |
| FOOTER |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment