1. Windows Server + AD
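2. Ubuntu Server, no AD (stating the obvious)
Goal of this post: use OpenLDAP's ldapmodify command to change that damned AD user password (why am I doing this to myself?)
Really, it's just a way to get some kind of password synchronization!
Prerequisite: Windows AD must support ldaps. How do you enable that? You tell me, why should I tell you?
Enough chatter, let's start: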
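#!/bin/bash
# unicodePwd must be the password wrapped in double quotes, encoded as UTF-16LE, then base64
# (-w 0 keeps a long password on one line so the LDIF stays valid)
b64pass=$(echo -n \""GodDamnPassword"\" | iconv --to utf-16le | base64 -w 0)
# test.ldif holds the new password (base64 is not encryption); delete it when done
echo "dn: CN=UserAccount, OU=YourOU, DC=YourDC" > test.ldif
echo "changetype: modify" >> test.ldif
echo "replace: unicodePwd" >> test.ldif
echo "unicodePwd:: $b64pass" >> test.ldif
# -W prompts for the bind password; the ldaps:// URL is the prerequisite mentioned above
ldapmodify -H ldaps://AD_Server -D "CN=Administrator,CN=Users,DC=YourDC" -W -f test.ldif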
When you run it, it will ask for the LDAP password; obediently type in the AD Administrator password. If you have dumb luck, you'll see the following:
root@server:/path/to/blablavla # ./chpass.sh
Enter LDAP Password:
modifying entry "CN=UserAccount, OU=YourOU, DC=YourDC"
And then... what do you mean, "and then"? Go try it out! Do I have to teach you that too?
OR...
#b64pass=`echo -n \""GodDamnPassword"\"|iconv --to utf-16le|base64`
#ldapmodify -H ldaps://AD.Server -D "CN=Administrator,CN=Users,DC=YourDC" -W <<EOF
> dn: CN=UserAccount, OU=YourOU, DC=YourDC
> changetype: modify
> replace: unicodePwd
> unicodePwd::$b64pass
> EOF
Honestly, this unicodePwd thing is pretty damned annoying; google it and you'll find a whole pile of nitpicky nonsense!
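The unicodePwd encoding used above, as an added example that is not the original post's script: it reads the new password from stdin instead of hard-coding it, writes no test.ldif to disk, and also handles long passwords and non-ASCII DNs. The function names and the sample password are assumptions made up for illustration; the DN and server placeholders are the post's own.

```shell
#!/bin/sh
# Added example, not the original post's script. DN and passwords are constructed samples.

# Read one password line from stdin and print the unicodePwd value:
# the password in double quotes, UTF-16LE encoded, base64 on a single line.
encode_unicodepwd() (
    IFS= read -r pass || [ -n "$pass" ] || return 1
    # printf is a shell builtin, so the password never shows up in `ps` output
    printf '"%s"' "$pass" | iconv -f UTF-8 -t UTF-16LE | base64 | tr -d '\n'
)

# Inverse of the above, for checking what would be sent to AD.
decode_unicodepwd() {
    base64 -d | iconv -f UTF-16LE -t UTF-8
}

# Print the modify LDIF for the DN in $1; the new password is read from stdin.
make_pwd_ldif() (
    b64=$(encode_unicodepwd) || return 1
    # LDIF needs a base64 "dn::" line when the DN contains non-ASCII bytes
    if printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'; then
        printf 'dn:: %s\n' "$(printf '%s' "$1" | base64 | tr -d '\n')"
    else
        printf 'dn: %s\n' "$1"
    fi
    printf 'changetype: modify\nreplace: unicodePwd\nunicodePwd:: %s\n' "$b64"
)

# Demo with a constructed password; in real use pipe the result straight into
#   ldapmodify -H ldaps://AD_Server -D "CN=Administrator,CN=Users,DC=YourDC" -W
printf '%s\n' 'Ab1' | make_pwd_ldif 'CN=UserAccount,OU=YourOU,DC=YourDC'
```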