1.安装perl-ldap 下载地址:http://search.cpan.org/~gbarr/perl-ldap/ 前提是已经安装perl工具包。首先查看perl版本 [root@local~]perl -V Built under linux Compiled at Nov 8 2007 06:49:06 @INC: /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 接着,解压安装(安装方式是手动,不需要执行make) [root@local~]tar -zxvpf perl-ldap-0.39.tar.gz [root@local~]cd perl-ldap-0.39/lib [root@local~]cp -a * /usr/lib/perl5/site_perl/5.8.8 2.安装perl-ldap依赖的Convert::ASN1模块 下载地址:http://search.cpan.org/search?module=Convert::ASN1 [root@local~]tar -zxvpf Convert-ASN1-0.22.tar.gz [root@local~]cd Convert-ASN1-0.22 [root@local~]perl Makefile.PL [root@local~]make [root@local~]make install 3. 使用perl-ldap修改a user's password in MS Active Directory [root@local~]$ vim chg_passwd.pl
#!/usr/bin/perl -w
use strict; use Net::LDAPS;
my($Ad, $mesg, $uid, $pass, $npass, $dn, $rtn);
#($uid, $pass) = split(" ",<STDIN>); $uid="test"; $pass="123456";
if (($uid eq "") or ($pass eq "")) { print "Uid and/or password missing in input/n"; exit 1; }
print "Trying to set $uid to password $pass/n"; # 1. Bind to the AD server $Ad = Net::LDAPS->new("ad02.example.com", port=>636, version => 3) or print "Unable to connect to AD server/n", exit 2; $Ad->bind(dn => "cn=administrator,ou=finance,dc=example,dc=com", password => "123456") or print "Unable to bind to AD server/n", exit 2;
#2. Do a AD lookup to get the dn for this user $mesg = $Ad->search(base => "DC=example,DC=com", filter => "cn=$uid"); print $mesg->count; print "/n"; if($mesg->count != 1) { print "AD lookup failed for user $uid/n"; exit 3; } #4. Add quotes and uniCode map { $npass .= "$_/000" } split(//, "/"$pass/""); #5. Now change their password. $dn = $mesg->entry(0)->dn; $rtn = $Ad->modify($dn, replace => [ "unicodePwd" => $npass ]); if($rtn->{'resultCode'} != 0) { print "User $uid, setting password failed/n"; exit 2; } #6. free $Ad->unbind(); print "Password for $uid changed in AD/n"; exit 0;
