[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/fix-ldap-createuser-krb5] ldap-createuser-krb5: set LDAP password when creating users

Guido Berhörster (@gber) gitlab at salsa.debian.org
Mon Aug 7 14:06:44 BST 2023 


Guido Berhörster pushed to branch personal/gber/fix-ldap-createuser-krb5 at Debian Edu / debian-edu-config


Commits:
a037063a by Guido Berhoerster at 2023-08-07T15:04:46+02:00
ldap-createuser-krb5: set LDAP password when creating users

This allows users to use gosa to change their password.

- - - - -


1 changed file:

- ldap-tools/ldap-createuser-krb5


Changes:

=====================================
ldap-tools/ldap-createuser-krb5
=====================================
@@ -60,6 +60,13 @@ if [[ $# -ne 2 || -z "$USERNAME" || -z "$GECOS" ]]; then
     exit 1
 fi
 
+read -rs -p "new password: " PASSWORD
+read -rs -p "confirm password: " CONFIRM
+if [[ "${CONFIRM}" != "${PASSWORD}" ]]; then
+    echo "passwords do not match" >&2
+    exit 1
+fi
+
 if [[ -n $DEPT ]]; then
     BASE="$(ldapsearch -x -LLL -o ldif-wrap=no "(&(objectClass=gosaDepartment)(ou:dn:=${DEPT}))" 2>/dev/null | awk '/^dn: / {print $2}' | sort | head -1)"
 else
@@ -108,6 +115,8 @@ gidNumber: $NEWGID
 "
 fi
 
+USER_PASSWORD="$(slappasswd -h '{CRYPT}' -c '$y$j9T$%.16s$' -T /dev/stdin <<<"${PASSWORD}")"
+
 ldif="$ldif
 
 dn: uid=$USERNAME,$USERBASE
@@ -125,7 +134,7 @@ sn: $GECOS
 givenName: $GECOS
 uid: $USERNAME
 cn: $GECOS
-userPassword: {SSHA}N0T$3T4N0W
+userPassword: $USER_PASSWORD
 homeDirectory: $HOMEDIR
 loginShell: /bin/bash
 uidNumber: $NEWUID
@@ -163,7 +172,11 @@ echo "$ldif"
 if echo "$ldif" | ldapmodify -ZZ -D "$admindn" -W -v -x ; then
 
     # Set the kerberos password
-    kadmin.local -q "change_password $USERNAME@$KRB5DOMAIN"
+    kadmin.local <<EOF
+change_password $USERNAME@$KRB5DOMAIN
+${PASSWORD}
+${PASSWORD}
+EOF
 
     # Create home directory
     if [ ! -d $HOMEDIR ] ; then



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/a037063a41e55e7d5222795e07e3c5f47da2b1ea

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/a037063a41e55e7d5222795e07e3c5f47da2b1ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230807/b80ad060/attachment-0001.htm>

More information about the debian-edu-commits mailing list