Created
January 22, 2024 15:06
-
-
Save fumiyas/c3252d33dbb3a52517b7b1edc2af1ba3 to your computer and use it in GitHub Desktop.
OpenLDAP: 既存パスワードのバックアップと新パスワード割り当て / リストア
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## | |
| ## OpenLDAP: 既存パスワードのバックアップと新パスワード割り当て / リストア | |
| ## Copyright (c) 2024 SATOH Fumiyasu @ OSSTech Corp., Japan | |
| ## | |
| ## License: GNU General Public License version 3 | |
| ## | |
| ## | |
| ## * OpenLDAP DIT の動作テスト時に利用することを想定したスクリプトです。 | |
| ## * エントリのパスワードやアクセス権などをテストする際に | |
| ## 割り当て済みのパスワードが不明な場合に利用できます。 | |
| ## * LDAP DIT 外の slapd.conf(5) の rootpw ディレクティブ、 | |
| ## slapd-config(5) の olcRootPW 属性のパスワードには対応してません。 | |
| ## | |
| set -u | |
| set -e | |
| set -o pipefail || exit $? | |
| umask 0077 | |
| export LANG=C | |
| export PATH="/opt/osstech/bin:$PATH" | |
| pdie() { | |
| echo "$0: ERROR: $*" 1>&2 | |
| exit 1 | |
| } | |
| ## ====================================================================== | |
| ldap_opts=( | |
| -H ldapi:/// | |
| -Y external | |
| -Q | |
| ) | |
| ldap_search() { | |
| ldapsearch "${ldap_opts[@]}" \ | |
| -LLL \ | |
| -o ldif-wrap=no \ | |
| "$@" \ | |
| |ldifunbase64 \ | |
| ; | |
| } | |
| ldap_modify() { | |
| ldapmodify "${ldap_opts[@]}" \ | |
| "$@" \ | |
| ; | |
| } | |
| ldap_passwd() { | |
| ldappasswd "${ldap_opts[@]}" \ | |
| "$@" \ | |
| ; | |
| } | |
| ## ====================================================================== | |
| if [[ $# -ne 2 ]]; then | |
| echo "Usage: $0 <backup|restore> DN" | |
| exit 1 | |
| fi | |
| op="$1"; shift | |
| dn="$1"; shift | |
| ## ====================================================================== | |
| backup_ldif_fname="$dn.password.backup.ldif" | |
| case "$op" in | |
| backup) | |
| echo "Backuping the password hash to $backup_ldif_fname.$$.tmp..." | |
| if [[ -s $backup_ldif_fname ]]; then | |
| pdie "Backup file already exists: $backup_ldif_fname" | |
| fi | |
| { | |
| echo "dn: $dn" | |
| echo "changetype: modify" | |
| echo "replace: userPassword" | |
| ldap_search \ | |
| "(entryDN=$dn)" \ | |
| userPassword \ | |
| |tail -n +2 \ | |
| ; | |
| } \ | |
| >"$backup_ldif_fname.$$.tmp" \ | |
| ; | |
| echo | |
| echo "Changing password for $dn..." | |
| if ! ldap_passwd -S "$dn"; then | |
| ret="$?" | |
| rm "$backup_ldif_fname.$$.tmp" | |
| exit "$ret" | |
| fi | |
| echo | |
| echo "Renaming $backup_ldif_fname.$$.tmp to $backup_ldif_fname..." | |
| mv "$backup_ldif_fname.$$.tmp" "$backup_ldif_fname" | |
| ;; | |
| restore) | |
| echo "Restoring the password hash from $backup_ldif_fname..." | |
| if [[ ! -s $backup_ldif_fname ]]; then | |
| pdie "Backup file not found: $backup_ldif_fname" | |
| fi | |
| ldap_modify -f "$backup_ldif_fname" >/dev/null | |
| echo "Removing $backup_ldif_fname..." | |
| rm "$backup_ldif_fname" | |
| ;; | |
| *) | |
| pdie "Invalid operation name: $op" | |
| ;; | |
| esac | |
| echo | |
| echo "Done!" | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment