OLD_IMAP_SERVER='mail-brln-store02.pixelpark.com'
NEW_IMAP_SERVER='dev-imap01.pixelpark.com'
-PWD_HASH_FBREHM="{PBKDF2_SHA256}AAAIACeyMif+rcXuIDhZvJLqcfH6ha1+JrZJeoMzkwvOWZg\
-HKmPajIJ81CaumGfut/bW55VSoLNKaNKY/4+Y1M7dmfLGuSiyUP6gJ2pY2NHiIBtl9kwe6H7A8uOEQr\
-OgnfqZQzpwrGfOAH6THaQUJhRoVwKSObD0eGIc2S3ETGvf7dinDK6BHDCPqDYY/KaeEI9MclPhZbwFY\
-up9IVTherAkv9aLoPP8HP4QFxC1yi3Ek2gGBCjvxuMd6cHYWySRtpHvF6b2yjXcMe1uoeHmNWMwqKl8\
-0oE1ZAjFKrts2rFdMwmJvqM3BaPZTra8j03NhqA/Syl2CJ2du2wDfrhjRcAgsLGegV/gF/oti3GSsk9\
-wnhNR1Db4nR5uCe2RCCyd+3guoTWVV6OzgUuYcM8QKhTeDzHPmKjWn+gPXH8VYHNdTMbJ"
-
LDIF_FILE=
#-------------------------------------------------------------------
}
#------------------------------------------------
-update_passwd_fbrehm() {
+update_password() {
- empty_line
- draw_line
+ local uid="$1"
+ local password_hash="$2"
+ local password_hash_base64="$2"
+ local dn=
+ local cn=
+ local cn_base64=
+ local value=
+ local filter=
+ local cmd=
+ local old_pwd_hash_base64=
+ local old_pwd_hash=
- local usr='frank.brehm'
- info "Changing LDAP password of user '${CYAN}${usr}${NORMAL}' ..."
+ empty_line
- local dn=
- local filter="(&(objectClass=*)(|(mail=${usr})(mailAlternateAddress=${usr})"
- filter+="(mailEquivalentAddress=${usr})(uid=${usr})))"
- local cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ debug "Searching for DN of uid '${CYAN}${uid}${NORMAL}' ..."
+ filter="(&(objectClass=*)(uid=${uid}))"
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
cmd+="-b \"${DPX_PEOPLE_SEARCH_BASE}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
cmd+="\"${filter}\" dn | grep '^dn:' | sed -e 's/^dn:[ ][ ]*//i' | head -n 1"
-
- debug "Executing: ${cmd}"
+ # debug "Executing: ${cmd}"
dn=$( eval ${cmd} )
+
if [[ -z "${dn}" ]] ; then
- warn "Did not found user '${YELLOW}${usr}${NORMAL}'."
- return
+ warn "Did not found DN of uid '${YELLOW}${uid}${NORMAL}'."
+ return 0
+ fi
+ debug "Found DN of '${CYAN}${uid}${NORMAL}': ${CYAN}${dn}${NORMAL}."
+
+ debug "Searching for Common name of uid '${CYAN}${uid}${NORMAL}' ..."
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"(objectClass=*)\" cn | grep -i '^cn:' | head -n 1"
+ # debug "Executing: ${cmd}"
+ value=$( eval ${cmd} )
+ if [[ -n "${value}" ]] ; then
+ if echo "${value}" | grep -q -i "^cn::" ; then
+ cn=$( printf "${value}" | sed -e 's/^cn::[ ][ ]*//i' | base64 -d )
+ else
+ cn=$( printf "${value}" | sed -e 's/^cn:[ ][ ]*//i' )
+ fi
+ debug "Found Common name of uid '${CYAN}${uid}${NORMAL}': '${CYAN}${cn}${NORMAL}'."
+ else
+ warn "Did not found Common name of uid '${YELLOW}${uid}${NORMAL}'."
+ cn="${uid}"
+ fi
+
+ debug "Searching for old password of '${CYAN}${cn}${NORMAL}' ..."
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
+ cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"(objectClass=*)\" userPassword | grep -i '^userPassword:' | head -n 1"
+ # debug "Executing: ${cmd}"
+ value=$( eval ${cmd} )
+ if [[ -n "${value}" ]] ; then
+ if echo "${value}" | grep -q -i "^userPassword::" ; then
+ old_pwd_hash=$( printf "${value}" | sed -e 's/^userPassword::[ ][ ]*//i' | base64 -d )
+ else
+ old_pwd_hash=$( printf "${value}" | sed -e 's/^userPassword:[ ][ ]*//i' )
+ fi
+ debug "Found old password hash '${CYAN}${cn}${NORMAL}': '${CYAN}${old_pwd_hash}${NORMAL}'."
+ if [[ "${old_pwd_hash}" == "${password_hash}" ]] ; then
+ info "Password of user '${CYAN}${cn}${NORMAL}' must not be changed."
+ return 0
+ fi
+ else
+ debug "User '${CYAN}${cn}${NORMAL}' has currently no password."
fi
- debug "Found DN for user '${CYAN}${usr}${NORMAL}': ${CYAN}${dn}${NORMAL}'."
cat > "${LDIF_FILE}" <<-EOF
dn: ${dn}
changetype: modify
EOF
- debug "Searching for existing password of '${CYAN}${usr}${NORMAL}' ..."
- cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
- cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
- cmd+="'(objectClass=*)' userPassword | grep -i '^userPassword:'"
- debug "Executing: ${cmd}"
- local cur_pwd=$( eval $cmd )
-
- if [[ -z "${cur_pwd}" ]] ; then
- info "Adding attribute userPassword ..."
+ if [[ -z "${old_pwd_hash}" ]] ; then
+ info "Adding userPassword to user '${CYAN}${cn}${NORMAL}' ..."
cat >> "${LDIF_FILE}" <<-EOF
add: userPassword
EOF
else
- info "Modifying attribute userPassword ..."
+ info "Modifying userPassword of user '${CYAN}${cn}${NORMAL}' ..."
cat >> "${LDIF_FILE}" <<-EOF
replace: userPassword
EOF
fi
- echo "userPassword: ${PWD_HASH_FBREHM}" >> "${LDIF_FILE}"
+ password_hash_base64=$( printf "${password_hash}" | base64 -w 0 )
+ echo "userPassword:: ${password_hash_base64}" >> "${LDIF_FILE}"
echo "-" >> "${LDIF_FILE}"
echo '' >> "${LDIF_FILE}"
fi
debug "Done."
+
}
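Review bot: The debug line `debug "Found old password hash '${CYAN}${cn}${NORMAL}': '${CYAN}${old_pwd_hash}${NORMAL}'."` prints the user's current userPassword hash whenever debug output is enabled; a password hash is credential material and does not belong in a log or terminal transcript, so log only the fact, e.g. `debug "Found an existing password hash for user '${CYAN}${cn}${NORMAL}'."`. The same function also uses directory data as the printf format string — `printf "${value}"` in both the cn and the userPassword branches and `printf "${password_hash}"` before base64-encoding — so a value containing `%` or a backslash is mangled or makes printf fail before it reaches sed/base64; every one of those five calls should be `printf '%s' "${value}"` (resp. `printf '%s' "${password_hash}"`). Beyond that, `uid` is spliced unescaped into the LDAP filter `(&(objectClass=*)(uid=${uid}))` and, together with the `dn` returned by the first ldapsearch, into command strings that are run through `eval`, so a uid or DN containing `)`, `*`, a double quote or `$(` changes the search or is executed by the shell; if those values are not fully controlled by the operator, build the ldapsearch invocations as arrays and escape the filter value per RFC 4515 instead of `eval`.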
#------------------------------------------------
done
fi
+ for uid in "${uids[@]}" ; do
+ password_hash="${password_hashes[${uid}]}"
+ update_password "${uid}" "${password_hash}"
+ done
+
}
#------------------------------------------------
trap cleanup_tmp_file INT TERM EXIT ABRT
- # update_passwd_fbrehm
update_passwords
# update_all_mailhosts
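Review bot: The new loop passes `"${password_hashes[${uid}]}"` straight to `update_password` without checking that an entry exists for the uid; in bash a missing associative-array key expands to the empty string, and from what the visible `update_password` does with its second argument an empty hash would not match the stored one and would be written back as an empty `userPassword::` value (or be rejected by ldapmodify), so the loop should skip such uids: `[[ -n "${password_hash}" ]] || { warn "No password hash configured for uid '${YELLOW}${uid}${NORMAL}'."; continue; }` placed before the call. `uid` and `password_hash` are not declared `local` in the hunk; if they are not declared earlier in `update_passwords`, they leak into the global scope. The body of `update_passwords` starts outside the hunk, and `uids` / `password_hashes` are defined elsewhere, so this is inferred from the call site only.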