scripts/FreeIPA
Archived
1
0
Fork 0
Code Issues 4 Activity
This repository has been archived on 2026-01-01. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
master
FreeIPA/freeipa-service-password.sh
Frederik Lindenaar 3470ed2dcf Added 3 additional scripts (refer to README.md for what they do) 
- freeipa-samba-user.sh
  - freeipa-service-ntlm.sh
  - freeipa-service-password.sh
2019-07-19 18:18:02 +02:00

82 lines
2.7 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash -e
#
# freeipa-service-password.sh - add/set host service login password
#
# Version 1.0, latest version, documentation and bugtracker available at:
# https://gitlab.lindenaar.net/scripts/freeipa
#
# Copyright (c) 2019 Frederik Lindenaar
#
# This script is free software: you can redistribute and/or modify it under the
# terms of version 3 of the GNU General Public License as published by the Free
# Software Foundation, or (at your option) any later version of the license.
#
# This script is distributed in the hope that it will be useful but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
die() { echo $* >&2; exit 1; }
# Exit if hostname not provided
if [ $# -lt 2 ]; then
die "Usage: `basename $0` <hostname> <service> [<service> ...]"
fi
# Sanity checks, ensure we have a valid Kerberos ticket and run on FreeIPA server
if ! klist -s; then
die "no valid Kerberos ticket, please login to FreeIPA using kinit first"
elif ! ipa server-show ${HOSTNAME:=$(hostname --fqdn)} > /dev/null; then
die "this script should be run on an active IPA server"
fi
# Set parameters from command line
: ${HOST:=$1}
shift
if ! ipa host-show "$HOST" > /dev/null 2>&1; then
echo Fetching information for $HOST
SSHKEYS=($(ssh-keyscan $HOST 2>/dev/null | cut -f2- -d\ | sed "s/\(.*\)/--sshpubkey='\1'/"))
echo Creating host $HOST
eval ipa host-add "$HOST" ${SSHKEYS[@]}
eval ipa host-add-principal "$HOST" $HOSTALIASES
else
echo host $HOST exists
fi
for service in $*
do
if ipa service-add "$service/$HOST" > /dev/null 2>&1; then
echo Created service $service/$HOST
else
echo service $service/$HOST exists
fi
service_binddn=$(ipa service-show "$service/$HOST" --raw --all | fgrep " dn: " | cut -f2 -d: | tr -d \ )
echo Service Bind DN: $service_binddn
service_bindpw=$(pwmake 128)
if ipa service-show "$service/$HOST" --all --raw | fgrep "objectClass:" | fgrep -q "simpleSecurityObject" > /dev/null 2>&1; then
echo resetting password to generated password: $service_bindpw
ldapmodify -Q > /dev/null 2>&1 <<EOLDIF
dn: $service_binddn
changetype: modify
replace: userPassword
userPassword: $service_bindpw
EOLDIF
else
echo Enabled login with generated password: $service_bindpw
ldapmodify -Q > /dev/null 2>&1 <<EOLDIF
dn: $service_binddn
changetype: modify
add: objectClass
objectClass: simpleSecurityObject
-
add: userPassword
userPassword: $service_bindpw
EOLDIF
fi
done
Reference in New Issue View Git Blame Copy Permalink