initial commit of passwd

Noah
2020-07-22 14:59:34 -04:00
parent f92a52773e
commit 433059b5ee


@@ -2,7 +2,7 @@
ssleval=true ssleval=true
prefix=ldaps prefix=ldaps
passeval() { [ -z $bindpass ] && passeval="UNSET!" || passeval="SET!"; } passeval() { [ -z $bindpass ] && passeval="UNSET!" || passeval="SET!"; }
ssleval() { [ "$prefix" == "https" ] && ssleval="true" || ssleval="false"; } ssleval() { [ "$prefix" == "ldaps" ] && ssleval="true" || ssleval="false"; }
actionseval() { [ "$ldapserver" ] && [ "$binduser" ] && [ "$domain" ] && [ "$passeval" == "SET!" ] && actionseval="ready" || actionseval="conditions not yet met" && return 1; } actionseval() { [ "$ldapserver" ] && [ "$binduser" ] && [ "$domain" ] && [ "$passeval" == "SET!" ] && actionseval="ready" || actionseval="conditions not yet met" && return 1; }
menu() { menu() {
@@ -11,7 +11,7 @@ menu() {
actionseval actionseval
clear clear
echo "\ echo "\
### FreeIPA-SAM ### ### FreeIPA - Service Account Manager ###
1.) ldapserver=$ldapserver 1.) ldapserver=$ldapserver
2.) domain=$domain (ldapdomain=$ldapdomain) 2.) domain=$domain (ldapdomain=$ldapdomain)
3.) binduser=$binduser 3.) binduser=$binduser
@@ -50,7 +50,7 @@ dotask() {
read -sp "Enter password (will not echo): " bindpass read -sp "Enter password (will not echo): " bindpass
;; ;;
5|ssl) 5|ssl)
[ "$prefix" == "https" ] && prefix=http || prefix=https [ "$prefix" == "ldaps" ] && prefix=http || prefix=ldaps
;; ;;
# Actions # Actions
@@ -58,7 +58,11 @@ dotask() {
# results=$(ldapsearch "$prefix""://""$ldapserver" -b "$ldapdomain" -D "$binduser" -w "$bindpass") # results=$(ldapsearch "$prefix""://""$ldapserver" -b "$ldapdomain" -D "$binduser" -w "$bindpass")
# ;; # ;;
ls) ls)
results=$(ldapsearch "$prefix""://""$ldapserver" -b "cn=sysaccounts,cn=etc,$ldapdomain" -D "$binduser" -w "$bindpass" "(uid=*)" "uid" "memberOf" "passwordExpirationTime") results=$(ldapsearch -H "$prefix""://""$ldapserver" -b "cn=sysaccounts,cn=etc,$ldapdomain" -D "$binduser" -w "$bindpass" "(uid=*)" "dn" | grep 'dn: uid')
;;
info)
[ "$2" ] && local uid="$2" || uid="*"
results=$(ldapsearch -H "$prefix""://""$ldapserver" -b "cn=sysaccounts,cn=etc,$ldapdomain" -D "$binduser" -w "$bindpass" "(uid=$uid)" "uid" "memberOf" "passwordExpirationTime")
;; ;;
add) add)
local uid password local uid password
@@ -84,10 +88,25 @@ echo -E "\
dn: uid=$uid,cn=sysaccounts,cn=etc,$ldapdomain dn: uid=$uid,cn=sysaccounts,cn=etc,$ldapdomain
changetype: delete" | ldapmodify -H "$prefix""://""$ldapserver" -D "$binduser" -w "$bindpass" && results="Submitted." || results="Error." changetype: delete" | ldapmodify -H "$prefix""://""$ldapserver" -D "$binduser" -w "$bindpass" && results="Submitted." || results="Error."
;; ;;
passwd)
local uid password
[ "$2" ] && local uid="$2" || read -p "uid of user=" uid
read -sp "new password for user=" password
echo
read -p "password expiration date YYYYMMDD (blank for 20380119)=" expire
[ -z "$expire" ] && expire=20380119
echo -E "\
dn: uid=$uid,cn=sysaccounts,cn=etc,$ldapdomain
changetype: modify
userPassword: $password
passwordExpirationTime: ${expire}031407Z" | ldapmodify -H "$prefix""://""$ldapserver" -D "$binduser" -w "$bindpass" && results="Submitted." || results="Error."
;;
exit) exit)
exit exit
;; ;;
"")
results=""
;;
*) *)
results="\"$input\" command not found." results="\"$input\" command not found."
esac esac
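Review bot: The LDIF piped to ldapmodify in the new `passwd)` branch puts the attribute lines directly after `changetype: modify`, with no `replace:` line per attribute and no `-` separator between them, so as far as I can tell ldapmodify will reject the record and the branch will always end in "Error.". `$uid` (which may come from `$2`) and `$expire` are also written into the DN and the timestamp unchecked, so a stray comma or non-digit changes what the record means, and `expire` is missing from the `local` list. The rewrite below validates both values and emits a well-formed modify record; a password that begins with a space, `:` or `<` would still need the base64 `userPassword::` form, which is not handled here. The enclosing dotask() starts outside this hunk. Separately, the `5|ssl)` hunk toggles `ldaps` to `http`, which is not an LDAP URI scheme; `ldap` is presumably intended, and over plain `ldap://` the bind password and any new password travel unencrypted.

```shell
passwd)
  local uid password expire
  # … unchanged: prompts for uid, password and expire, default 20380119 …
  if [[ ! "$uid" =~ ^[A-Za-z0-9._-]+$ || ! "$expire" =~ ^[0-9]{8}$ ]]; then
    results="Invalid uid or expiration date."
  else
    printf '%s\n' \
      "dn: uid=$uid,cn=sysaccounts,cn=etc,$ldapdomain" \
      "changetype: modify" \
      "replace: userPassword" \
      "userPassword: $password" \
      "-" \
      "replace: passwordExpirationTime" \
      "passwordExpirationTime: ${expire}031407Z" \
      | ldapmodify -H "$prefix""://""$ldapserver" -D "$binduser" -w "$bindpass" && results="Submitted." || results="Error."
  fi
  ;;
```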