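#!/bin/bash
###############################################################################
## gadspwsync.sh - Synchronizes Google Apps passwords with eDirectory ##
## Copyright (C) 2011 Brad Rodgers (brad@rodgeville.com) ##
## ##
## Released under the GPL. Feel free to redistribute this script, however ##
## the above copyright line must remain. See COPYING for more details. ##
###############################################################################
#
# For every user found in the configured eDirectory contexts, compare the
# SHA-1 of the eDirectory password with the hash stored in $LDAPATTRIB,
# update the attribute when they differ, then run Google Apps Directory Sync.
#
# Full path to script
# (kept for existing configurations; the LDIF is now piped to ldapmodify, so
# no scratch file is written here any more)
SCRIPTPATH="/gadspwsync"
# File listing eDir contexts to search
CONTEXTSFILE="/gadspwsync/contexts.txt"
# Specify "one" or "sub" to search sub OUs or not
LDAPSCOPE="one"
# LDAP server and bind information
LDAPHOST="ldaphost.digitalairlines.com"
LDAPURI="ldaps://ldaphost.digitalairlines.com"
LDAPBINDDN="cn=GADSPWSync,o=DigitalAirlines"
# NOTE(review): the bind password lives in this file in clear text, so the
# file should be readable by the service account only. It is also handed to
# ldapsearch/ldapmodify (-w) and to getpass as a command-line argument, which
# makes it visible in the process list while those commands run. The OpenLDAP
# tools can read it from a file instead (-y); getpass, as invoked here, takes
# it as an argument.
LDAPPASSWD="yourpassword"
# Location of getpass
GETPASS="/usr/local/sbin/getpass/getpass"
# LDAP attribute used to store SHA1 hash of password
# NOTE(review): the stored value is an unsalted SHA-1 of the password. Anyone
# who can read this attribute can test guesses against it offline, so read
# access to it should be restricted in the directory.
LDAPATTRIB="carLicense"
# Full path to GADS sync command
GADSCMD="/opt/GoogleAppsDirSync/sync-cmd"
# Full path to GADS configuration file
GADSCONF="/gadspwsync/DigitalAirlines.xml"
#
###############################################################################

# Print a diagnostic on stderr. Never pass passwords or hashes to this.
warn() {
  printf 'gadspwsync: %s\n' "$*" >&2
}

# Read data on stdin, print its SHA-1 as bare hex.
# Some openssl versions print "(stdin)= <hex>", others only "<hex>"; taking
# the last field covers both.
sha1_hex() {
  openssl sha1 | awk '{ print $NF }'
}

# Join folded LDIF lines (continuation lines start with one space) so that a
# long DN arrives as a single line.
unfold_ldif() {
  awk 'NR > 1 && !/^ / { print "" }
       { sub(/^ /, ""); printf "%s", $0 }
       END { if (NR) print "" }'
}

#######################################
# Compare one user's eDirectory password hash with the stored hash and
# replace the stored hash when they differ.
# Globals:   GETPASS, LDAPHOST, LDAPURI, LDAPBINDDN, LDAPPASSWD, LDAPATTRIB
# Arguments: $1 - the entry's "dn: ..." / "dn:: ..." line as the server sent it
#            $2 - the decoded DN
# Returns:   0 if the user is in sync or was updated, non-zero otherwise
#######################################
sync_user() {
  local dn_line=$1
  local dn=$2
  local clear_pw edir_hash goog_hash

  # Retrieve eDir password. All arguments are quoted so a DN containing
  # spaces stays one argument.
  if ! clear_pw=$("$GETPASS" "$LDAPHOST" "$LDAPBINDDN" "$LDAPPASSWD" "$dn"); then
    warn "getpass failed for $dn; leaving $LDAPATTRIB untouched"
    return 1
  fi
  # An empty result must not be hashed: that would store the SHA-1 of the
  # empty string as this user's password hash.
  if [[ -z "$clear_pw" ]]; then
    warn "getpass returned nothing for $dn; leaving $LDAPATTRIB untouched"
    return 1
  fi

  # Hash the password byte-for-byte. printf with a quoted argument keeps
  # repeated spaces and glob characters that an unquoted echo would alter.
  edir_hash=$(printf '%s' "$clear_pw" | sha1_hex)
  clear_pw=""
  if [[ ! "$edir_hash" =~ ^[0-9a-fA-F]{40}$ ]]; then
    warn "unexpected openssl output for $dn; leaving $LDAPATTRIB untouched"
    return 1
  fi

  # Retrieve Google password hash from LDAP
  goog_hash=$(ldapsearch -x -D "$LDAPBINDDN" -b "$dn" -s base -H "$LDAPURI" \
      -w "$LDAPPASSWD" -LLL "(objectClass=*)" "$LDAPATTRIB" |
    awk -v attr="$LDAPATTRIB" \
      'tolower($1) == (tolower(attr) ":") { print $2; exit }')

  # Compare eDir and Google passwords; replace Google password with eDir
  # password if different
  if [[ "$edir_hash" != "$goog_hash" ]]; then
    # The LDIF goes to ldapmodify on stdin, so the hash never sits in a file
    # with a predictable name. The dn line is reused as received, which keeps
    # base64-encoded DNs valid.
    printf '%s\n' \
        "$dn_line" \
        "changetype: modify" \
        "replace: $LDAPATTRIB" \
        "$LDAPATTRIB: $edir_hash" |
      ldapmodify -x -D "$LDAPBINDDN" -H "$LDAPURI" -w "$LDAPPASSWD" ||
      {
        warn "ldapmodify failed for $dn"
        return 1
      }
  fi
  return 0
}

# Check and sync eDir password with LDAP attribute for Google for users in
# contexts from contexts file.
# The contexts file is read on fd 3 and the search results on fd 4 so that
# the commands run inside the loops cannot consume them through stdin.
while IFS= read -r BASEDN <&3 || [[ -n "$BASEDN" ]]; do
  # A blank line would otherwise become a search from the root of the tree.
  [[ -n "$BASEDN" ]] || continue

  LDAPSEARCH=$(ldapsearch -x -D "$LDAPBINDDN" -b "$BASEDN" -H "$LDAPURI" \
      -w "$LDAPPASSWD" -s "$LDAPSCOPE" -LLL "(objectClass=User)" dn) ||
    warn "ldapsearch reported an error for context $BASEDN"

  # Walk the result line by line instead of word by word: a DN may contain
  # spaces, and ldapsearch folds long lines.
  while IFS= read -r DNLINE <&4; do
    case "$DNLINE" in
      "dn:: "*)
        # DN was sent base64-encoded.
        RESULT=$(printf '%s' "${DNLINE#dn:: }" | openssl base64 -d -A) ||
          RESULT=""
        ;;
      "dn: "*)
        RESULT=${DNLINE#dn: }
        ;;
      *)
        continue
        ;;
    esac
    if [[ -z "$RESULT" ]]; then
      warn "could not read a DN from a result line in context $BASEDN"
      continue
    fi
    sync_user "$DNLINE" "$RESULT"
  done 4< <(printf '%s\n' "$LDAPSEARCH" | unfold_ldif)
done 3< "$CONTEXTSFILE"

# Run Google Apps Directory Sync; its exit status becomes the script's.
"$GADSCMD" -a -c "$GADSCONF"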