1.安裝perl-ldap
:http://search.cpan.org/~gbarr/perl-ldap/
前提是已經安裝perl工具包。首先查看perl版本
[root@local~]perl -V
Built under linux
Compiled at Nov 8 2007 06:49:06
@INC:
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8
接著,解壓安裝(安裝方式是手動,不需要執行make)
[root@local~]tar -zxvpf perl-ldap-0.39.tar.gz
[root@local~]cd perl-ldap-0.39/lib
[root@local~]cp -a * /usr/lib/perl5/site_perl/5.8.8
2.安裝perl-ldap依賴的Convert::ASN1模組
:http://search.cpan.org/search?module=Convert::ASN1
[root@local~]tar -zxvpf Convert-ASN1-0.22.tar.gz
[root@local~]cd Convert-ASN1-0.22
[root@local~]perl Makefile.PL
[root@local~]make
[root@local~]make install
3. 使用perl-ldap修改a user's password in MS Active Directory
[root@local~]$ vim chg_passwd.pl
#!/usr/bin/perl -w
use strict;
use Net::LDAPS;
my($Ad, $mesg, $uid, $pass, $npass, $dn, $rtn);
#($uid, $pass) = split(" ",<STDIN>);
$uid="test";
$pass="123456";
if (($uid eq "") or ($pass eq "")) {
print "Uid and/or password missing in input/n"; exit 1;
}
print "Trying to set $uid to password $pass/n";
# 1. Bind to the AD server
$Ad = Net::LDAPS->new("ad02.example.com", port=>636, version => 3) or print "Unable to connect to AD server/n", exit 2;
$Ad->bind(dn => "cn=administrator,ou=finance,dc=example,dc=com", password => "123456") or print "Unable to bind to AD server/n", exit 2;
#2. Do a AD lookup to get the dn for this user
$mesg = $Ad->search(base => "DC=example,DC=com", filter => "cn=$uid");
print $mesg->count;
print "/n";
if($mesg->count != 1) {
print "AD lookup failed for user $uid/n"; exit 3;
}
#4. Add quotes and uniCode
map { $npass .= "$_/000" } split(//, "/"$pass/"");
#5. Now change their password.
$dn = $mesg->entry(0)->dn;
$rtn = $Ad->modify($dn, replace => [ "unicodePwd" => $npass ]);
if($rtn->{'resultCode'} != 0) {
print "User $uid, setting password failed/n"; exit 2;
}
#6. free
$Ad->unbind();
print "Password for $uid changed in AD/n";
exit 0;