--- /dev/null
+#!/bin/bash
+
+set -e
+set -u
+
+LDAP_USR="cn=admin"
+LDAP_URL="ldaps://dev-ldap2.pixelpark.com"
+# LDAP_URL="ldap://ldap.pixelpark.com"
+LDAP_PWD_FILE="${HOME}/.private/dirsrv-dpx-admin-pwd-wonl.txt"
+# LDAP_PWD_FILE="${HOME}/.private/ldap-admin-wonl.txt"
+LDAP_BASE="o=isp"
+DPX_PEOPLE_SEARCH_BASE="ou=People,o=Pixelpark,o=isp"
+
+NEW_IMAP_SERVER='dev-imap01.pixelpark.com'
+
+PWD_HASH_FBREHM="{PBKDF2_SHA256}AAAIACeyMif+rcXuIDhZvJLqcfH6ha1+JrZJeoMzkwvOWZg\
+HKmPajIJ81CaumGfut/bW55VSoLNKaNKY/4+Y1M7dmfLGuSiyUP6gJ2pY2NHiIBtl9kwe6H7A8uOEQr\
+OgnfqZQzpwrGfOAH6THaQUJhRoVwKSObD0eGIc2S3ETGvf7dinDK6BHDCPqDYY/KaeEI9MclPhZbwFY\
+up9IVTherAkv9aLoPP8HP4QFxC1yi3Ek2gGBCjvxuMd6cHYWySRtpHvF6b2yjXcMe1uoeHmNWMwqKl8\
+0oE1ZAjFKrts2rFdMwmJvqM3BaPZTra8j03NhqA/Syl2CJ2du2wDfrhjRcAgsLGegV/gF/oti3GSsk9\
+wnhNR1Db4nR5uCe2RCCyd+3guoTWVV6OzgUuYcM8QKhTeDzHPmKjWn+gPXH8VYHNdTMbJ"
+
+declare -a UIDS_NEW_IMAP=(
+ 'robert.waffen'
+ 'lutz.beier'
+)
+
+LDIF_FILE=
+
+if [[ ! -f "${LDAP_PWD_FILE}" ]] ; then
+ echo "Password file '${LDAP_PWD_FILE}' not found" >&2
+ exit 3
+fi
+
+if [[ ! -r "${LDAP_PWD_FILE}" ]] ; then
+ echo "Password file '${LDAP_PWD_FILE}' not readable" >&2
+ exit 3
+fi
+
+#------------------------------------------------------------------------------
+cleanup_tmp_file() {
+ if [[ -n "${LDIF_FILE}" ]] ; then
+ if [[ -e "${LDIF_FILE}" ]] ; then
+ echo "Removing temporary file '${LDIF_FILE}' ..."
+ rm -v --force --recursive "${LDIF_FILE}"
+ fi
+ fi
+}
+
+#------------------------------------------------
+update_passwd_fbrehm() {
+
+ local usr='frank.brehm'
+ local dn=
+ local filter="(&(objectClass=*)(|(mail=${usr})(mailAlternateAddress=${usr})"
+ filter+="(mailEquivalentAddress=${usr})(uid=${usr})))"
+ local cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${DPX_PEOPLE_SEARCH_BASE}\" -v -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"${filter}\" dn | grep '^dn:' | sed -e 's/^dn:[ ][ ]*//i' | head -n 1"
+
+ echo
+ echo "Executing: ${cmd}"
+ echo
+ dn=$( eval ${cmd} )
+ if [[ -z "${dn}" ]] ; then
+ echo "Did not found user '${usr}'."
+ return
+ fi
+
+ cat > "${LDIF_FILE}" <<-EOF
+ dn: ${dn}
+ changetype: modify
+ EOF
+
+ echo "Searching for existing password ..."
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${dn}\" -v -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="'(objectClass=*)' userPassword | grep -i '^userPassword:'"
+ echo
+ echo "Executing: ${cmd}"
+ echo
+ local cur_pwd=$( eval $cmd )
+
+ if [[ -z "${cur_pwd}" ]] ; then
+ echo "Adding attribute userPassword ..."
+ cat >> "${LDIF_FILE}" <<-EOF
+ add: userPassword
+ EOF
+ else
+ echo "Modifying attribute userPassword ..."
+ cat >> "${LDIF_FILE}" <<-EOF
+ replace: userPassword
+ EOF
+ fi
+
+ echo "userPassword: ${PWD_HASH_FBREHM}" >> "${LDIF_FILE}"
+ echo "-" >> "${LDIF_FILE}"
+ echo '' >> "${LDIF_FILE}"
+
+ echo
+ echo "Resulting LDIF:"
+ echo "---------------"
+ echo
+ cat "${LDIF_FILE}"
+
+ cmd="ldapmodify -H \"${LDAP_SERVER}\" -x -D \"${LDAP_BIND_DN}\" -y \"${LDAP_PWD_FILE}\""
+ cmd+=" -f \"$( readlink -f "${LDIF_FILE}" )\""
+ echo
+ echo "Executing: ${cmd}"
+ echo
+ eval $cmd
+ echo
+ echo "Done."
+ echo
+
+}
+
+#------------------------------------------------
+main() {
+
+ echo "Creating temporary LDIF file ..."
+ LDIF_FILE=$( mktemp after-migration.XXXXXXXX.ldif )
+ echo "Temporary file is '${LDIF_FILE}'."
+
+ trap cleanup_tmp_file INT TERM EXIT ABRT
+
+ update_passwd_fbrehm
+
+
+}
+
+main "$@"
+
+# vim: et list
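Review bot: In update_passwd_fbrehm the `dn` value read back from the directory is pasted into a command string (`-b \"${dn}\"`) and executed with `eval $cmd`, so any quote, backtick or `$(` in a returned DN would be re-parsed by the local shell. The first ldapsearch and the ldapmodify call are built the same way. Running each command directly with its arguments held in an array removes the re-parsing, as in the excerpt below. Separately, the ldapmodify line references `${LDAP_SERVER}` and `${LDAP_BIND_DN}`, which this file never sets (it defines `LDAP_URL` and `LDAP_USR`), so under `set -u` the script would abort there after the LDIF has been written. The excerpt adds `|| true` to the password lookup because the original relied on `local` masking grep's non-zero exit when no userPassword exists.

```shell
update_passwd_fbrehm() {
    # … unchanged: usr, dn and filter setup …
    local -a bind=( -H "${LDAP_URL}" -x -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}" )

    dn=$( ldapsearch -LLL -o ldif-wrap=no "${bind[@]}" -v \
              -b "${DPX_PEOPLE_SEARCH_BASE}" "${filter}" dn \
          | grep '^dn:' | sed -e 's/^dn:[ ][ ]*//i' | head -n 1 )
    # … unchanged: empty-dn check and LDIF header …

    local cur_pwd
    cur_pwd=$( ldapsearch -LLL -o ldif-wrap=no "${bind[@]}" -v \
                   -b "${dn}" '(objectClass=*)' userPassword \
               | grep -i '^userPassword:' || true )
    # … unchanged: add/replace selection, LDIF body and echo of the result …

    ldapmodify "${bind[@]}" -f "${LDIF_FILE}"
    # … unchanged: closing "Done." output …
```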