OpenLdap to Cpanel passwords

Discussion in 'Migrate to cPanel' started by kasandrapadisha, May 31, 2011.

  1. kasandrapadisha

    kasandrapadisha Registered

    Hi

    I am migrating to a cPanel server from a standard mail server that uses OpenLDAP to store passwords.

    I have previously used the OpenLDAP migration tools to create users in OpenLDAP; they take the passwords from /etc/shadow and store them as {CRYPT} strings in LDAP.

    I have tried to do the reverse, putting this string in the cPanel shadows, and it does not work. I have tried it in many ways and directions but I could not get through.

    As you can see, I do not want to leave my LDAP directory, as cPanel does not have support for it yet.

    Is there any way to make the password hash compatible between cPanel and OpenLDAP?

    Thanks in advance
     
  2. kasandrapadisha

    kasandrapadisha Registered

    Well... I found a solution for me. I have an OpenLDAP and I synchronize passwords based on the email. The master is cPanel and the slave replica is OpenLDAP, but it works brilliantly to add other applications with a single user/pass.


    #!/bin/bash
    #************************************************************************
    # PROGRAM: sync_cpanel_openldap.py            DATE: 30 May 2011
    #------------------------------------------------------------------------
    # NOTE: Requires ldap-utils
    #------------------------------------------------------------------------
    # AUTHOR: J.E. Gomez (SkinaTech) jgomez at skinatech.com
    #************************************************************************

    #********************************************************
    #* Constants and macros
    #********************************************************

    # LDAP access
    # Note: -w below puts the bind password on the command line, where it is
    # visible in the process list; the OpenLDAP tools also accept -y <file>.
    ldap_server="localhost"
    ldap_user="cn=Manager,dc=ejemplo,dc=com"
    ldap_passwd="mypassword"
    ldap_basedn="dc=ejemplo,dc=com"

    #********************************************************
    #* Definition of the program's other functions
    #********************************************************

    archivos_de_contrasenas_de_cpanel() {
        # Lists the valid shadow files of the cPanel accounts
        # (those found under an "etc" directory in each home).
        for i in $(awk -F":" '{ if ($3 > 500 && $3 < 10000) print $1 }' /etc/passwd); do
            if [[ -d /home/$i ]]; then
                find "/home/$i" -name "shadow" | grep etc
            fi
        done
    }

    existe_usuario_en_ldap() {
        # Looks up the e-mail address in LDAP.
        #
        # PARAMETERS: e-mail address (inserted into the filter unescaped)
        # POST: has printed the user's dn
        # The perl step joins LDIF continuation lines (newline + space).
        salida=$(ldapsearch -x -h "$ldap_server" -b "$ldap_basedn" -D "$ldap_user" -w "$ldap_passwd" "(mail=$1)" | perl -p -0040 -e 's/\n //' | grep -v "^#" | grep "^dn")
        echo "$salida"
        # return instead of exit: report the result without ending the script
        if [[ $salida != "" ]]; then return 0; else return 1; fi
    }

    listado_usuarios_pass() {
        # Prints "user@domain:hash" for every mailbox of every domain.
        for i in $(archivos_de_contrasenas_de_cpanel); do
            # /home/<user>/etc/<domain>/shadow -> field 5 is the domain
            dominio=$(echo "$i" | cut -d"/" -f 5)
            awk -v domo="$dominio" -F":" '{ print $1"@"domo":"$2 }' "$i"
        done
    }

    #********************************************************
    #* Main
    #********************************************************

    #------------------------------------------------------------------------
    # Changes the passwords in LDAP using the cPanel shadow files as source
    #
    # DESCRIPTION:
    # Takes the list of possible users from each domain's passwd, checks
    # whether each one exists and, if so, builds the instruction that
    # replaces the password record with the one stored in cPanel.
    #
    # PARAMETERS:
    #
    # RESULT: int 0 successful run
    #             1 failed run
    # PRE: TRUE
    # POST:
    # NOTE:
    #------------------------------------------------------------------------

    for i in $(listado_usuarios_pass); do
        correo=$(echo "$i" | awk -F":" '{print $1}')
        passwd=$(echo "$i" | awk -F":" '{print $2}')
        usr_dn=$(existe_usuario_en_ldap "$correo")
        if [[ $usr_dn != "" ]]; then
            # printf keeps the LDIF lines free of leading whitespace
            printf '%s\nchangetype: modify\nreplace: userpassword\nuserpassword: {CRYPT}%s\n' "$usr_dn" "$passwd" |
                ldapmodify -x -h "$ldap_server" -D "$ldap_user" -w "$ldap_passwd"
        fi
    done
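
An added example, not part of the posts above: two checks the sync script in the thread does not make before it writes to LDAP, shown on constructed input. It escapes the mailbox address before it goes into the `(mail=...)` filter and rejects empty or locked shadow fields instead of storing them as `{CRYPT}` values; the function names, sample DN and sample hash are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All sample values are constructed.

# Escape a value for an LDAP search filter (RFC 4515): \ * ( ) become
# \5c \2a \28 \29, so a mailbox name cannot change the filter's meaning.
# The backslash is handled first so the escapes are not escaped again.
ldap_escape_filter() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Succeed only for fields that look like crypt(3) output: modular crypt
# ($id$...) or 13-character DES. Empty and locked fields ("*", "!", "!!",
# "!$6$...") fail, so a disabled mailbox is never written as a password.
is_crypt_hash() {
    printf '%s' "$1" |
        grep -Eq '^(\$[0-9a-z]+\$[./A-Za-z0-9$=,]+|[./A-Za-z0-9]{13})$'
}

# Turn "user:hash[:...]" from a per-domain shadow file into an LDIF modify
# record. $1 = "dn: ..." line found for the mailbox, $2 = shadow line.
shadow_line_to_ldif() {
    rest=${2#*:}          # drop the user name
    hash=${rest%%:*}      # keep only the second field
    is_crypt_hash "$hash" || return 1
    printf '%s\nchangetype: modify\nreplace: userPassword\nuserPassword: {CRYPT}%s\n' \
        "$1" "$hash"
}

# Constructed demo input (not real accounts or hashes).
demo_dn='dn: uid=info,ou=people,dc=ejemplo,dc=com'
demo_ok='info:$1$Zx8kQ2pL$7hJ3nE0vWq1YtR5uB9cD4/:15125::::::'
demo_locked='old:!!:15125::::::'

echo "filter: (mail=$(ldap_escape_filter 'a*)(uid=*@ejemplo.com'))"
shadow_line_to_ldif "$demo_dn" "$demo_ok"
shadow_line_to_ldif "$demo_dn" "$demo_locked" || echo "skipped locked entry: old"
```
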
     
  3. kbs

    kbs Member

    Hi, I see that with that script you go from shadow to LDAP. I want to do the reverse; were you able to do anything?

    Regards
     