/usr/share/debian-edu-config/tools/passwd is in debian-edu-config 1.818+deb8u2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | #!/bin/bash
# $Id$
# This script changes a users password in ldap - and if smbpasswd exists,
# also update samba password
# use at own risk
NEWPASSWD=
NAME=$1
if [ -z "$NAME" ] ; then
echo -e "usage:
$0 <username>"
exit 2
fi
ldapdn() {
filter="$1"
ldapsearch -x "$filter" 2>/dev/null | perl -p0e 's/\n //g' | \| awk '/^dn: / {print $2}'
}
USERDN=$(ldapdn "(uid=$NAME)")
# Who do you want to change password of ?
# only admin user are allow to change password of admin user
case "$NAME" in
admin)
ENTRY=cn
BINDUSER=$(ldapdn "(cn=admin)")
;;
smbadmin)
ENTRY=cn
BINDUSER=$(ldapdn "(cn=admin)")
NEWPASSWD=$(makepasswd)
;;
*) ENTRY=uid
UID=$(id -un)
BINDUSER=$(ldapdn "(uid=$UID)")
;;
esac
# Binding as admin only if you are root user,
# If you are root, you should know the admin password
test $(id -u) -eq 0 && BINDUSER=$(ldapdn "(cn=admin)")
if [ -z "$NEWPASSWD" ] ; then
# Make sure we have a new password (and we know what it is)
read -p "Enter new password for user $NAME: " -s NEWPASSWD
echo
read -p "Reenter new password: " -s CHKPASSWD
echo
if [ "$CHKPASSWD" != "$NEWPASSWD" ] ; then
echo "Sorry, passwords don't match"
exit 2
fi
fi
# NOW Try to change the password
RESULT="$(ldappasswd -xZZW -s "$NEWPASSWD" -D $BINDUSER $ENTRY=$USERDN)"
if [ $? != 0 ] ; then
echo "Could not change ldap passwd for user $NAME"
echo "ldappasswd returned $RESULT"
exit 2
fi
if [ ! -x /usr/bin/smbpasswd ] ; then
echo "Hmm, no smbpasswd, what kind of installation is this?"
exit 0
fi
# Need to look at python-smbpasswd for this part
case "$NAME" in
admin) ;;
smbadmin)
# If we've changed the smbadmin PW, we also need to change the stored password
/usr/bin/smbpasswd -w "$NEWPASSWD" >/dev/null
;;
*)
# root should be able to use smbpasswd directly
if [ $(id -u) -eq 0 ] ; then
echo -e "$NEWPASSWD\n$NEWPASSWD" | /usr/bin/smbpasswd -s "$NAME" >/dev/null
else # admin users should be able to use sudo
echo -e "$NEWPASSWD\n$NEWPASSWD" | sudo /usr/bin/smbpasswd -s "$NAME" >/dev/null
fi
;;
esac
|