
Untitled

a guest
Nov 19th, 2013
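#!/bin/bash

###############################################################################
## gadspwsync.sh - Synchronizes Google Apps passwords with eDirectory       ##
## Copyright (C) 2011 Brad Rodgers (brad@rodgeville.com)                    ##
##                                                                           ##
## Released under the GPL. Feel free to redistribute this script, however   ##
## the above copyright line must remain. See COPYING for more details.      ##
###############################################################################
#
# For every user found under the contexts listed in CONTEXTSFILE: fetch the
# eDirectory password with getpass, SHA-1 it, and store the hex digest in
# LDAPATTRIB when it differs from the value already there. Finally run the
# Google Apps Directory Sync command.
#
# Deployment notes (security):
#  - This file contains the bind password in clear text. Keep it readable
#    by the account that runs it only (e.g. root, mode 0700).
#  - The bind account can retrieve users' clear-text passwords, so treat its
#    credential as one of the most sensitive in the directory.
#  - LDAPATTRIB ends up holding an unsalted SHA-1 of each password. Anyone
#    who can read that attribute can attack the hashes offline, so restrict
#    read access to it to the sync account(s).
#
# Full path to script
# (kept as a setting; the LDIF is now piped to ldapmodify, so no scratch file
# is written under this directory any more)
SCRIPTPATH="/gadspwsync"

# File listing eDir contexts to search
CONTEXTSFILE="/gadspwsync/contexts.txt"

# Specify "one" or "sub" to search sub OUs or not
LDAPSCOPE="one"

# LDAP server and bind information
LDAPHOST="ldaphost.digitalairlines.com"
LDAPURI="ldaps://ldaphost.digitalairlines.com"
LDAPBINDDN="cn=GADSPWSync,o=DigitalAirlines"
LDAPPASSWD="yourpassword"

# Location of getpass
GETPASS="/usr/local/sbin/getpass/getpass"

# LDAP attribute used to store SHA1 hash of password
LDAPATTRIB="carLicense"

# Full path to GADS sync command
GADSCMD="/opt/GoogleAppsDirSync/sync-cmd"

# Full path to GADS configuration file
GADSCONF="/gadspwsync/DigitalAirlines.xml"
#
###############################################################################

set -u

# Diagnostics go to stderr so they do not mix with ldapmodify/GADS output.
warn() { printf 'gadspwsync: %s\n' "$*" >&2; }

# Hand the bind password to the OpenLDAP tools through a private file (-y)
# instead of -w, so it does not show up in the process list for every
# ldapsearch/ldapmodify call. mktemp creates the file with mode 0600.
# printf is used without a trailing newline because -y takes the complete
# file contents as the password.
PWFILE=$(mktemp) || { warn "mktemp failed"; exit 1; }
trap 'rm -f -- "$PWFILE"' EXIT
printf '%s' "$LDAPPASSWD" > "$PWFILE"

# Connection/bind options shared by every ldapsearch and ldapmodify call.
LDAPAUTH=(-x -H "$LDAPURI" -D "$LDAPBINDDN" -y "$PWFILE")

# Check and sync eDir password with LDAP attribute for Google for users in
# contexts from contexts file.
# The contexts file is read on fd 3 and the search results on fd 4, so a
# command inside the loops cannot swallow the remaining input via stdin.
while IFS= read -r BASEDN <&3 || [ -n "$BASEDN" ]; do
  # A blank line would otherwise become a search with an empty base DN.
  [ -n "$BASEDN" ] || continue

  # Best effort, as before: a non-zero status (for example a size limit) is
  # reported, but whatever entries were returned are still processed.
  SEARCHOUT=$(ldapsearch "${LDAPAUTH[@]}" -b "$BASEDN" -s "$LDAPSCOPE" \
    -LLL "(objectClass=User)" dn) \
    || warn "ldapsearch reported an error for context: $BASEDN"

  while IFS= read -r LINE <&4; do
    case $LINE in
      'dn: '*)
        RESULT=${LINE#dn: }
        ;;
      'dn:: '*)
        # Base64-encoded DN (non-ASCII or otherwise LDIF-unsafe); this
        # script does not decode it.
        warn "skipping entry with base64-encoded DN: ${LINE#dn:: }"
        continue
        ;;
      *)
        continue
        ;;
    esac

    # Retrieve eDir password as SHA1 hash.
    # NOTE(review): getpass receives the bind password as an argument, so it
    # is still visible in the process list while getpass runs; whether the
    # tool accepts it another way, and whether its connection to LDAPHOST is
    # encrypted, cannot be told from this script - confirm both.
    # Assumes getpass exits non-zero on failure. An empty result is rejected
    # too; otherwise the SHA-1 of an empty string would be stored as the
    # user's password hash.
    if ! CLEARPW=$("$GETPASS" "$LDAPHOST" "$LDAPBINDDN" "$LDAPPASSWD" "$RESULT") \
      || [ -z "$CLEARPW" ]; then
      warn "could not retrieve password for $RESULT; $LDAPATTRIB left unchanged"
      continue
    fi

    # Quoted, so spaces and glob characters in the password are hashed as
    # they are. The last field is taken because some openssl versions prefix
    # the digest with "(stdin)= ".
    EDIRPASSWD=$(printf '%s' "$CLEARPW" | openssl sha1 | awk '{print $NF}')
    CLEARPW=

    # Never write anything that is not a 40-digit hex SHA-1.
    case $EDIRPASSWD in
      '' | *[!0-9a-f]*) EDIRPASSWD= ;;
    esac
    if [ "${#EDIRPASSWD}" -ne 40 ]; then
      warn "could not hash password for $RESULT; $LDAPATTRIB left unchanged"
      continue
    fi

    # Retrieve Google password from LDAP (last value of LDAPATTRIB, if any).
    GOOGPASSWD=$(ldapsearch "${LDAPAUTH[@]}" -b "$RESULT" -s base -LLL \
      "$LDAPATTRIB" \
      | awk -v attr="$LDAPATTRIB" '
          BEGIN { want = tolower(attr) ":" }
          tolower($1) == want { val = $2 }
          END { print val }
        ')

    # Compare eDir and Google passwords; replace Google password with eDir
    # password if different.
    if [ "$EDIRPASSWD" != "$GOOGPASSWD" ]; then
      # The LDIF goes to ldapmodify on stdin: no fixed-name file holding a
      # password hash is left on disk, and printf is a builtin, so the hash
      # is not exposed in a process argument list either. RESULT came from a
      # plain "dn: " line, so it is a single LDIF-safe line.
      printf 'dn: %s\nchangetype: modify\nreplace: %s\n%s: %s\n' \
        "$RESULT" "$LDAPATTRIB" "$LDAPATTRIB" "$EDIRPASSWD" \
        | ldapmodify "${LDAPAUTH[@]}" \
        || warn "ldapmodify failed for $RESULT"
    fi
  done 4< <(
    # Undo LDIF line folding (continuation lines start with one space) so a
    # long DN arrives as one line, and drop blank separator lines.
    printf '%s\n' "$SEARCHOUT" | awk '
      /^ / { buf = buf substr($0, 2); next }
      { if (buf != "") print buf; buf = $0 }
      END { if (buf != "") print buf }
    '
  )
done 3< "$CONTEXTSFILE"

# The bind password file is no longer needed once the LDAP work is done.
rm -f -- "$PWFILE"

# Run Google Apps Directory Sync; its exit status becomes the script's.
# (The original "exit & ..." only backgrounded a no-op exit before this.)
"$GADSCMD" -a -c "$GADSCONF"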