Q: OD 10.11 run shell script on password change
I have a question regarding an issue we are having with our Open Directory server that I have asked in many other forums before and haven't gotten an answer to yet. Our Open Directory server is our main source of authentication for many online services, including but not limited to Google Apps. We used Randy Seaks' tutorial to sync OD passwords to our Google Apps domain because Open Directory stores passwords in a format that Google Apps doesn't recognize:
It basically attaches a shell script that stores users' passwords in SHA1 (read by Google) in another user's attribute on password change, and it has been working like a charm for us. But we are now moving to Open Directory 10.11, where everything has changed, and I'm stuck on where and how to trigger a shell script on users' password change. The script is:
#!/bin/bash
# Get password from stdin. This will be the password change running through password server.
# IFS= and -r keep leading/trailing spaces and backslashes in the password intact.
IFS= read -r password
# Hash the password using the SHA1 method and store into "password".
password=$(printf '%s' "$password" | /usr/bin/openssl dgst -sha1 -hex)
LDIFMOD="/usr/sbin/authserver/tools/modify/modify.ldif"
touch "$LDIFMOD"
echo -e "dn: uid=$1,cn=users,dc=domain,dc=domain,dc=org\nchangetype: modify\nreplace: pager\npager: $password" > "$LDIFMOD"
# Change the following fields to match your system
# DIRADMIN - directory admin username
# PASSWORD - Directory admin password
#
ldapmodify -xD uid=diradmin,cn=users,dc=domain,dc=domain,dc=org -w adminpassword -f "$LDIFMOD" -v
Any idea how something similar can be done in OpenLDAP?
Thank you so much.
Mac Pro, OS X Yosemite (10.10)
Posted on Apr 5, 2016 1:35 AM
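
A hardened variant of the script in the post, as an added example that is not part of the original post or of the tutorial it mentions: it rejects usernames that could alter the DN or inject LDIF lines, keeps the hash in a private temporary file that is removed afterwards, and reads the bind password from a file instead of the command line. The function names and the BIND_PW_FILE path are assumptions; the DNs are the post's own placeholders.

```shell
#!/bin/bash
# Added example, not the original poster's script. BASE_DN and BIND_DN are the
# post's placeholders; BIND_PW_FILE is an assumed path (mode 0600, no trailing
# newline, because ldapmodify -y uses the complete file content as password).
BASE_DN="cn=users,dc=domain,dc=domain,dc=org"
BIND_DN="uid=diradmin,$BASE_DN"
BIND_PW_FILE="/etc/od-sync/diradmin.pw"

# Print the hex SHA1 of $1. Newer openssl builds prefix the digest with
# "(stdin)= ", so only the last field is kept.
sha1_hex() {
    if command -v openssl >/dev/null 2>&1; then
        printf '%s' "$1" | openssl dgst -sha1 -hex | awk '{print $NF}'
    else
        printf '%s' "$1" | sha1sum | awk '{print $1}'
    fi
}

# Emit the LDIF for uid $1 and password $2. Fails if the uid is empty or holds
# anything outside [A-Za-z0-9._-] (commas, "=", spaces, newlines, ...).
build_ldif() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "rejected uid" >&2; return 1 ;;
    esac
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: pager\npager: %s\n' \
        "$1" "$BASE_DN" "$(sha1_hex "$2")"
}

# Hook entry point: uid in $1, new password on stdin, as in the original.
main() {
    IFS= read -r password
    ldif=$(mktemp) || return 1        # mktemp creates the file with mode 0600
    build_ldif "$1" "$password" > "$ldif" &&
        ldapmodify -x -D "$BIND_DN" -y "$BIND_PW_FILE" -f "$ldif"
    rc=$?
    rm -f "$ldif"                     # do not leave the hash on disk
    return "$rc"
}

# Run only when called with a username, so the functions can be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The attribute still holds an unsalted SHA1 of the password, so read access to `pager` in the directory ACLs deserves the same restriction as any other password hash.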