[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: batch encrypting passwords



charlie derr wrote:

I think the easiest way is to use a scripting language to build an ldif file (and then apply it with ldapmodify).

It' almost as easy to use your favourite scripting language together with an LDAP module to write directly to the directory via LDAP. This gives you better error handling and less hassle with LDIF.


  output = output + "changetype: modify\n"
  output = output + "replace: userPassword\n"
  output = output + "userPassword: {crypt}" + pw + "\n\n"

to stay with Python example here (l is LDAPObject instance):

try:
  l.modify_s(
    "uid=" + username + ",ou=People,dc=example,dc=com,
    [
      (ldap.MOD_REPLACE,'userPassword',["{crypt}" + pw])
    ]
  )
except ldap.LDAPError,e:
  # do error handling here: at least log
  print str(e)

Ciao, Michael.