Hello,
I have a question regarding an issue we are having with our Open Directory server (Mac LDAP server), which is based on OpenLDAP. Our Open Directory server is our main source of authentication for many online services, including but not limited to Google Apps. We used Randy Seaks' tutorial to sync OD passwords to our Google Apps domain, because Open Directory stores passwords in a format that Google Apps doesn't recognize:
It basically attaches a shell script that stores users' passwords as SHA1 (readable by Google) in another user attribute on password change, and it has been working like a charm for us. But we are now moving to Open Directory 10.11, where everything has changed, and I'm stuck on where and how to trigger a shell script on a user's password change. The script is:
#!/bin/bash
# Get password from stdin. This will be the password change running through password server.
read -r password
# Hash the password using the SHA1 method and store into "password".
# Newer OpenSSL prints "(stdin)= <hash>" rather than the bare hash, so keep only the last field.
password=$(echo -n "$password" | /usr/bin/openssl dgst -sha1 -hex | awk '{print $NF}')
LDIFMOD="/usr/sbin/authserver/tools/modify/modify.ldif"
touch "$LDIFMOD"
# $1 is the uid of the user whose password changed; the hash goes into the "pager" attribute.
echo -e "dn: uid=$1,cn=users,dc=domain,dc=domain,dc=org\nchangetype: modify\nreplace: pager\npager: $password" > "$LDIFMOD"
# Change the following fields to match your system
# DIRADMIN - directory admin username
# PASSWORD - Directory admin password
ldapmodify -xD uid=admin,cn=users,dc=domain,dc=domain,dc=org -w adminpassword -f "$LDIFMOD" -v
Any idea how something similar can be done in openLDAP?
Thank you so much.
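A hardened version of the hash-to-pager step described in the post, added here as an example (it is not the poster's script or Randy Seaks' code): the hash and LDIF generation are split into functions that can be tested on their own, the bind password comes from the environment (assumed variable names LDAP_ADMIN_DN and LDAP_ADMIN_PW) instead of being hardcoded, and the hash step works across sha1sum, shasum and OpenSSL output formats. It still writes an unsalted SHA1 into a readable attribute, exactly as the original design requires, so ACLs on that attribute matter.

```shell
#!/bin/sh
# Added example, not the original script. Same job: on a password change, read the
# new password from stdin and replace the user's "pager" attribute with its SHA1 hex.
set -eu

# Print the lowercase hex SHA-1 of $1. sha1sum prints "<hash>  -", shasum the same,
# newer OpenSSL prints "(stdin)= <hash>", so pick the 40-character field.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha1sum
    elif command -v shasum >/dev/null 2>&1; then
        printf '%s' "$1" | shasum -a 1
    else
        printf '%s' "$1" | openssl dgst -sha1 -hex
    fi | awk '{ for (i = 1; i <= NF; i++) if (length($i) == 40) print $i }'
}

# Emit the LDIF "changetype: modify" that replaces pager with the hash.
# $1 = uid, $2 = hex hash, $3 = users container suffix (assumed; set to your own).
pager_ldif() {
    printf 'dn: uid=%s,cn=users,%s\nchangetype: modify\nreplace: pager\npager: %s\n' \
        "$1" "$3" "$2"
}

# Glue for the hook: password arrives on stdin like the password-server case in the post.
# The LDIF and the bind password go to mktemp files (mode 0600) so neither shows up in
# the process list, and both are removed afterwards.
sync_pager() {
    uid="$1"
    base="${2:-dc=domain,dc=domain,dc=org}"
    IFS= read -r password
    ldif=$(mktemp)
    pwfile=$(mktemp)
    printf '%s' "$LDAP_ADMIN_PW" > "$pwfile"
    pager_ldif "$uid" "$(sha1_hex "$password")" "$base" > "$ldif"
    ldapmodify -x -D "$LDAP_ADMIN_DN" -y "$pwfile" -f "$ldif"
    rm -f "$ldif" "$pwfile"
}

# Usage from a hook:  printf '%s' "$newpassword" | ./sync_pager.sh <uid> [suffix]
if [ "$#" -gt 0 ]; then
    sync_pager "$@"
fi
```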