Diffstat (limited to 'fripost-passwd')
-rwxr-xr-xfripost-passwd151
1 files changed, 134 insertions, 17 deletions
diff --git a/fripost-passwd b/fripost-passwd
index bb67e44..9ae47d9 100755
--- a/fripost-passwd
+++ b/fripost-passwd
@@ -8,54 +8,171 @@ use strict;
fripost-passwd - Change password of user
+=head1 SYNOPSIS
+
+B<fripost-passwd> [B<--debug>] [B<--pretend>] [I<username>]
+[B<--password=>I<password>]
+
+=head1 DESCRIPTION
+
+B<fripost-passwd> changes the password of I<username>, unless B<--pretend>
+is set.
+If I<username> or I<password> are not given, the user is prompted for them.
+If I<username> is not fully qualified, C<fripost.org> is appended.
+If I<username> is not an existing username, B<fripost-passwd> raises an
+error.
+
+=head1 OPTIONS
+
+=over 8
+
+=item B<--pretend>
+
+Only simulates the insertion. (But still query the LDAP server to ensure
+that I<username> is a known user.)
+
+=item B<--password=>I<password>
+
+By default, the user is prompted for his/her new password, which is
+hashed, salted and then added to the LDAP entry.
+By using B<--password>, I<password> is inserted RAW in the database.
+This can be useful if the user does not want to give the clear copy but
+only a hash, for example.
+
+=item B<--server_host=>I<host>
+
+The LDAP URI to connect to.
+The default value is read from the configuration file, see B<CONFIGURATION>.
+
+=item B<--bind_dn=>I<binddn>
+
+The Distinguished Name (DN) to bind to the LDAP directory.
+(If not set, B<fripost-passwd> binds anonymously.)
+The default value is read from the configuration file, see B<CONFIGURATION>.
+
+=item B<--bind_pw=>I<password>
+
+The password to to bind with.
+The default value is read from the configuration file, see B<CONFIGURATION>.
+
+=item B<--base_dn=>I<basedn>
+
+The root DN for everything done by B<fripost-passwd>.
+The default value is read from the configuration file, see B<CONFIGURATION>.
+
+=item B<--debug>
+
+Debug mode.
+
+=back
+
+=head1 CONFIGURATION
+
+The configuration is read from the file C<$HOME/.fripost.yml>.
+Valid keys include:
+
+=over 4
+
+=item I<server_host>
+
+The LDAP URI to connect to. It has to be set, either in the
+configuration file, or using the command line option B<--server_host>.
+
+=item I<bind_dn>
+
+The Distinguished Name (DN) to bind to the LDAP directory.
+(If not set, B<fripost-passwd> binds anonymously.)
+
+=item I<bind_pw>
+
+The password to to bind with.
+
+=item I<base_dn>
+
+The root DN for everything done by B<fripost-passwd>.
+
+=back
+
=cut
use FindBin qw($Bin);
use lib "$Bin/lib";
+use Env qw /HOME/;
+use File::Spec::Functions;
+
use Fripost::Password;
use Fripost::Prompt;
use Fripost::Schema;
-use Getopt::Long;
+use Getopt::Long qw /:config noauto_abbrev no_ignore_case
+ gnu_compat bundling permute nogetopt_compat
+ auto_version auto_help/;
+use Pod::Usage;
use YAML::Syck;
## Get command line options
-our $conf = LoadFile('default.yml');
+our $conf = LoadFile( catfile ($HOME, '.fripost.yml') );
GetOptions(
- 'dbi_dsn' => \$conf->{dbi_dsn},
- 'admuser=s' => \$conf->{admuser},
- 'admpass=s' => \$conf->{admpass},
- 'pretend' => \$conf->{pretend},
-) or die "Unable to get command line options.";
+ 'server_host' => \$conf->{server_host},
+ 'base_dn=s' => \$conf->{base_dn},
+ 'bind_dn=s' => \$conf->{bind_dn},
+ 'bind_pw=s' => \$conf->{bind_pw},
+ 'pretend' => \$conf->{pretend},
+ 'debug' => \$conf->{debug},
+ 'password=s' => \$conf->{password},
+ 'man' => sub { pod2usage(-exitstatus => 0,
+ -verbose => 2) }
+) or pod2usage(2);
+
+
+# Connect to the LDAP server
+my $ldap = Fripost::Schema->new( $conf );
+
+
+my $username;
+if (defined $ARGV[0]) {
+ $username = fix_username ($ARGV[0]);
+ Email::Valid->address($username)
+ or die "Error: `" .$username. "' is not a valid e-mail.\n";
+}
+else {
+ $username = prompt_email("New username: ", 'is_user');
+}
+my $password = $conf->{password};
+$password //= hash( undef, undef, prompt_password() );
+
+
+# Ensure that the user exists.
+die "Error: Unknown user `" .$username. "'.\n"
+ unless $ldap->user->search({ username => $username })->count;
-my $username = fix_username($ARGV[0]);
-$username //= prompt_email("New username: ", 'is_user');
-my $password = prompt_password();
if ($conf->{pretend}) {
say "Nothing to do since we are pretending...";
exit 0;
}
-# Connect to the database
-my $schema = Fripost::Schema->connect(
- $conf->{dbi_dsn}, $conf->{admuser}, $conf->{admpass}, {} #\%dbi_params
-);
-my $row = $schema->resultset('Mailbox')->find($username);
-$row->password($password);
-$row->update;
+# Change the password.
+$ldap->user->passwd({ username => $username, userPassword => $password });
say "Updated password for $username.";
+$ldap->unbind();
+
+
=head1 AUTHOR
Stefan Kangas C<< <skangas at skangas.se> >>
+Guilhem Moulin C<< <guilhem at fripost.org> >>
+
=head1 COPYRIGHT
Copyright 2010 Stefan Kangas.
+Copyright 2012 Guilhem Moulin.
+
=head1 LICENSE
This program is free software; you can redistribute it and/or modify it
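Review bot: The `--password` value reaches `$ldap->user->passwd` as `userPassword` unchanged, so a cleartext password given there is stored in clear, and like `--bind_pw` it is visible to other local users in the process list while the script runs. If only pre-hashed values are intended, reject anything without a scheme prefix before the LDAP call, e.g. `die "Error: --password expects a hashed value.\n" if defined $conf->{password} && $conf->{password} !~ /\A\{[\w-]+\}/;` (this assumes `hash()` emits the usual `{SCHEME}...` form, which is not visible here), and note the command-line exposure in the POD for both options. Separately, `'server_host'` is declared without `=s`, so Getopt::Long treats it as a flag and the documented `--server_host=host` form is rejected; it should read `'server_host=s' => \$conf->{server_host},`. `Email::Valid->address` is also called with no `use Email::Valid;` in the hunk, so confirm that one of the Fripost modules loads it.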