
Re: Default password for all users



Do you realize that crypt passwords limit you to only 8-character
passwords?

I have written an LDAP web client that allows users to change their
password to MD5 format. If you are interested in it, I can send it.

With my program, users' initial password will be in Crypt format. All future
password changes will be in MD5-Digest format.

OpenLDAP works with both. It is very flexible. Whoever wrote
OpenLDAP's Auth module must have been a genius. ;-)

> I am in the process of migrating around 600 users from another directory,
> using LDIF files. I want to give a common default CRYPT password to all
> users. How to do this?

Here is a snip of the Perl code I have for this:

#header
#
use CGI qw(:standard);
use Net::LDAP;
use Digest::MD5  qw(md5 md5_hex md5_base64);
use strict;

#globals
#minimum password size
my $min_size = 6;
my $max_size = 24;
#set elsewhere in the full program (not shown in this snip)
my ( $ldaphost, $mailaccounts, $oldpass, $error );

#here is a function to change the password with md5
#using net::ldap

sub changepass {
    my $user    = shift;
    my $newpass = shift;
    #md5_base64 returns unpadded base64, so "==" is appended below
    my $digest = md5_base64($newpass);
    my $ldap   = Net::LDAP->new($ldaphost)
      or die "can't make new LDAP object (in changepass()): $@";
    my $basedn = $mailaccounts;
    my $binddn = "uid=$user,$mailaccounts";
    #bind as the user with the old password; give up if that fails
    return 0
      unless ( $ldap->bind( $binddn, password => $oldpass )->code == 0 );
    my $message = $ldap->modify( $binddn,
        replace => { userPassword => "{md5}$digest==" } );

    #modify returns a message object; a non-zero code means failure
    if ( $message->code ) {
        my $ldaperr = $message->error;
        print header, start_html( -title => "LDAP dead" );
        print '<CENTER>', h2("Failed to update password"), '</CENTER>';
        print p, "ldap server message is $ldaperr";
        die "Crap.  The password update failed with error $ldaperr";
    }
    #the new password itself is kept out of the status message
    $error = "changed $user" . "'s pass (crypted with md5 = $digest)";
    return 1;
}
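
The two storage formats discussed in the message, as an added example that is not part of the original post or the author's program: a small Perl checker that dispatches on the {CRYPT} / {MD5} prefix and compares how each format treats a password longer than 8 characters. The function names, salt and sample passwords are constructed for illustration, and it assumes the system crypt(3) still supports traditional two-character DES salts.

```perl
#!/usr/bin/perl
# Added example: verify a password against a userPassword value stored
# in either {CRYPT} or {MD5} form. All names here are hypothetical.
use strict;
use warnings;
use Digest::MD5 qw(md5_base64);

# Same construction as changepass(): md5_base64() returns 22 unpadded
# characters, so "==" completes the base64 of the 16-byte digest.
sub make_md5 {
    my ($password) = @_;
    return '{MD5}' . md5_base64($password) . '==';
}

# Traditional crypt with a two-character salt (assumption: DES crypt is
# available on this system; crypt() returns undef where it is not).
sub make_crypt {
    my ( $password, $salt ) = @_;
    my $hash = crypt( $password, $salt );
    return defined $hash ? "{CRYPT}$hash" : undef;
}

# Dispatch on the scheme prefix. The name is matched case-insensitively
# so the lower-case {md5} written by changepass() is accepted too.
sub check_password {
    my ( $stored, $candidate ) = @_;
    my ( $scheme, $hash ) = $stored =~ /^\{([^}]+)\}(.*)$/ or return 0;
    if ( uc $scheme eq 'MD5' ) {
        return make_md5($candidate) eq "{MD5}$hash" ? 1 : 0;
    }
    if ( uc $scheme eq 'CRYPT' ) {
        # crypt(3) takes its salt from the start of the stored hash
        my $again = crypt( $candidate, $hash );
        return ( defined $again && $again eq $hash ) ? 1 : 0;
    }
    return 0;    # unknown scheme
}

# Constructed sample values, not real credentials. The second candidate
# shares only its first 8 characters with the real password.
my ( $real, $prefix_only ) = ( 'Welcome-2-LDAP', 'Welcome-XXXX' );
my %stored = ( crypt => make_crypt( $real, 'ab' ), md5 => make_md5($real) );

for my $format ( sort keys %stored ) {
    next unless defined $stored{$format};    # DES crypt unavailable
    printf "%-5s full password: %d  same first 8 chars only: %d\n", $format,
      check_password( $stored{$format}, $real ),
      check_password( $stored{$format}, $prefix_only );
}
```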