使用OPENLDAP C API修改 win2003 AD域(Active Directory)用户密码
2014-01-08 16:04
936 查看
参考:/article/2838851.html
参考:http://www.121.name/LDAP.html
参考:http://pig.made-it.com/pig-adusers.html
首先要在win2003上安装AD域,并且支持SSL,参见:
编译:
# gcc -g -Wall -Werror ./sslldappass.c -o ./sslldappass -lldap
运行:
# ./sslldappass 1 2 XXXXXXXX
这里密码要注意复杂度
本程序可以用来修改任何属性,只是除unicodePwd外的其它属性不需要转换成UTF16LE。
参考:http://www.121.name/LDAP.html
参考:http://pig.made-it.com/pig-adusers.html
首先要在win2003上安装AD域,并且支持SSL,参见:
win2003 AD域 支持 LDAP SSL
上源码:#include <stdio.h> #include <stdlib.h> #include <signal.h> #include <unistd.h> #define LDAP_TYPELEN 128 #define LDAP_VALUELEN 256 #define ADMIN "CN=Administrator,CN=Users,DC=domain,DC=com" // AD administrator dn #define ADMIN_PASSWORD "password" #define AD_DOMAINNAME "ll-u4b5ul9ztwm9.cylan.lfm.com" #define AD_PORT 389 #define AD_SSLPORT 636 #define DEBUG 0 #define OPT_NONSSL "0" #define OPT_SSL "1" #define OPT_TLS "2" #define SCHEME_LDAP "ldap" #define SCHEME_LDAPS "ldaps" #define DST_DN "CN=usertest,CN=Users,DC=domain,DC=com" // destination dn #ifdef __cplusplus extern "C" { #endif #include <ldap.h> #define DNLEN 256 LDAP* ldap_init(char*ip,int port); int ldap_simple_bind_s(LDAP *ld, const char *who, const char *passwd); int ldap_search_s(LDAP*ld,char* base, int scope,char* filter, char*attrs[], int attrsonly,LDAPMessage** res); int ldap_unbind_s(LDAP *ld); int ldap_modify_s( LDAP *ld, LDAP_CONST char *dn, LDAPMod **mods ); #ifdef __cplusplus } #endif static void freeLdap(LDAP *ldap) { ldap_unbind_s(ldap); } static void timeout(int signo,siginfo_t *si, void *unused) { return; } static LDAP* initLdap( int USE_SSL ) { LDAP* ld; //ldap init timer 10 seconds int timer = 10; struct sigaction sa; int i_ret = 0; sa.sa_flags = SA_SIGINFO; sigemptyset(&sa.sa_mask); sa.sa_sigaction = timeout; if (-1 == sigaction(SIGALRM,&sa,NULL)) { printf("set timeout action in ldapserver failed\n"); } alarm( timer ); if( USE_SSL != 0 ) { char psz_secure_url[128]; if(USE_SSL == 1) { sprintf(psz_secure_url, "%s://%s:%d", SCHEME_LDAPS, AD_DOMAINNAME, AD_SSLPORT ); } else { sprintf(psz_secure_url, "%s://%s:%d", SCHEME_LDAP, AD_DOMAINNAME, AD_PORT ); } i_ret = ldap_initialize(&ld, psz_secure_url); if ( i_ret != LDAP_SUCCESS || ld == NULL ) { fprintf(stderr, "ldap_initialize: errno %d : %s\n", i_ret, ldap_err2string( i_ret )); return NULL; } fprintf(stderr, "SSL/TLS URL: %s\n", psz_secure_url); // only at Session Handle level!!!! which means the first parameter must be the LDAP* handle const int i_version = LDAP_VERSION3; i_ret = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &i_version ); if ( i_ret != LDAP_SUCCESS ) { fprintf(stderr, "set_option LDAP_OPT_PROTOCOL_VERSION errno %d : %s\n", i_ret, ldap_err2string( i_ret ) ); return NULL; } // only at GOBAL level!!!! which means the first parameter must be NULL char* psz_certfile = "./testca1.cer"; // AD server CA i_ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, psz_certfile); if ( i_ret != LDAP_SUCCESS ) { fprintf(stderr, "set_option LDAP_OPT_X_TLS_CACERTFILE errno %d : %s\n", i_ret, ldap_err2string( i_ret )); return NULL; } if(USE_SSL == 2) { i_ret = ldap_start_tls_s(ld, NULL, NULL); if ( i_ret != LDAP_SUCCESS ) { fprintf(stderr, "ldap_start_tls: errno %d : %s\n", i_ret, ldap_err2string( i_ret )); return NULL; } } } else { fprintf( stderr, "Unsecure URL: ldap://%s:%d/\n", AD_DOMAINNAME, AD_PORT ); i_ret = ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &i_version ); if ( i_ret != LDAP_SUCCESS ) { fprintf(stderr, "set_option LDAP_OPT_PROTOCOL_VERSION errno %d : %s\n", i_ret, ldap_err2string( i_ret ) ); return NULL; } if ( NULL == ( ld = ldap_init( AD_DOMAINNAME, AD_PORT ) ) ) { printf( "initial LDAP server %s failed\n", AD_DOMAINNAME ); return NULL; } } if ( ( i_ret = ldap_simple_bind_s( ld, ADMIN, ADMIN_PASSWORD ) ) != LDAP_SUCCESS ) { fprintf( stderr, "bind LDAP server %s failed, errno %d : %s\n", AD_DOMAINNAME, i_ret, ldap_err2string( i_ret ) ); freeLdap( ld ); return NULL; } return ld; } int main( int argc, char **argv ) { LDAP* ld = NULL; char *psz_filter = "(objectclass=user)"; int i_debug_flag1 = -1; // LDAP_DEBUG_ANY ; LDAPMessage *p_ldapmsg = NULL; int i_ret = 0; int USE_SSL = 0;//default, non-ssl if ( argc != 4 ) { printf( "Usage: \n" "\t%s SSLFLAG operation newpassword\n" "\t( operation:\tadd: %d, modify: %d, delete: %d \n" "\t SSLFLAG:\t0: normal connection, 1: use ssl connection, 2: tls connection )\n" "\tfor example:\n" "\t\t%s 1 2 newpasswordvalue\n", argv[0], LDAP_MOD_ADD, LDAP_MOD_REPLACE, LDAP_MOD_DELETE, argv[0] ); return -1; } // get connection flag if(strcmp(argv[1], OPT_NONSSL) == 0) { fprintf(stderr, "Using unsecure connection\n"); USE_SSL = 0; } else if (strcmp(argv[1], OPT_SSL) == 0) { fprintf(stderr, "Using non-standard SSL connection\n"); USE_SSL = 1; } else if (strcmp(argv[1], OPT_TLS) == 0) { fprintf(stderr, "Using standard TLS connection\n"); USE_SSL = 2; } else { fprintf(stderr, "please enter connection type: 0 for NonSSL, 1 for SSL, 2 for TLS\n"); return (1); } if ( DEBUG ) { i_ret = ldap_set_option( NULL, LDAP_OPT_DEBUG_LEVEL, &i_debug_flag1 ); if ( i_ret != LDAP_SUCCESS) { fprintf(stderr, "set_option LDAP_OPT_DEBUG_LEVEL errno %d : %s\n", i_ret, ldap_err2string( i_ret ) ); return -5; } } if ( NULL == ( ld = initLdap( USE_SSL ) ) ) return -3; // connect error // begin query infor i_ret = ldap_search_s( ld, DST_DN, LDAP_SCOPE_SUBTREE, psz_filter, NULL, 0, &p_ldapmsg ); if ( LDAP_SIZELIMIT_EXCEEDED == i_ret ) { return -4; } else if ( i_ret != LDAP_SUCCESS && i_ret != LDAP_OPERATIONS_ERROR ) return -2; // basedn error if ( NULL == p_ldapmsg ) return -1; int i_count = 0; if ((i_count = ldap_count_entries(ld,p_ldapmsg)) > 0) { LDAPMessage *ent = NULL; for ( ent = ldap_first_entry( ld, p_ldapmsg ); ent != NULL; ent = ldap_next_entry( ld, ent ) ) { struct berval **pp_verval; char *pp_attr[] = { "distinguishedName", "cn", "unicodePwd", "DBCSPwd", "userAccountControl", "supplementalCredentials", "dSHeuristics", "fUserPwdSupport", "supplementalCredentials", "dSHeuristics", NULL }; char *p_attr = NULL; int i_index = 0; for ( p_attr = pp_attr[0]; ( p_attr = pp_attr[i_index] ) != NULL; i_index ++ ) { pp_verval = ldap_get_values_len( ld, ent, p_attr ); do { printf( "get attribute %s = ", p_attr ); if( ldap_count_values_len( pp_verval ) == 0 ) { printf( "\n" ); continue; } printf( "%s\n", ( *pp_verval )->bv_val ); } while(0); } ldap_value_free_len( pp_verval ); } } // end query info // set mod value char *psz_newpasswd = argv[3]; char psz_newpasswd_quotes[128] = {0}; char psz_newpasswd_unicode[256] = {0}; struct berval bvalnew; struct berval *bvalsnew[2]; LDAPMod mod; LDAPMod *mods[3]; snprintf( psz_newpasswd_quotes, sizeof( psz_newpasswd_quotes ), "\"%s\"", psz_newpasswd ); int i_index = 0; for ( i_index = 0; i_index < strlen( psz_newpasswd_quotes ); i_index ++ ) { psz_newpasswd_unicode[i_index * 2] = psz_newpasswd_quotes[i_index]; } bvalnew.bv_val = psz_newpasswd_unicode; bvalnew.bv_len = strlen( psz_newpasswd_quotes ) * 2; bvalsnew[0] = &bvalnew; bvalsnew[1] = NULL; mod.mod_vals.modv_bvals = bvalsnew; mod.mod_type = (char *) "unicodePwd"; mod.mod_op = atoi( argv[2] ) | LDAP_MOD_BVALUES; mods[0] = &mod; mods[1] = NULL; // run modify function i_ret = ldap_modify_s( ld, DST_DN, mods ); printf( "ldap_modify_ext_s, i_ret: %d, %s\n", i_ret, ldap_err2string( i_ret ) ); return 0; }
编译:
# gcc -g -Wall -Werror ./sslldappass.c -o ./sslldappass -lldap
运行:
# ./sslldappass 1 2 XXXXXXXX
这里密码要注意复杂度
本程序可以用来修改任何属性,只是除unicodePwd外的其它属性不需要转换成UTF16LE。
相关文章推荐
- ldap admin连接ad域active directory根据密码修改时间查找用户
- 警惕黑客使用Lion系统漏洞破解和修改用户登陆密码
- Jenkins(十二)修改用户使用sudo不再需要密码
- 使用单用户模式修改root密码
- 使用ADMT3.2迁移2008AD域(三)----用户的迁移(生成复杂密码)
- Android基于XMPP Smack Openfire下学习开发IM(一)实现用户注册、登录、修改密码和注销等
- MYSQL使用简述-连接MYSQL、修改密码、增加用户等方面来学习一些MYSQL的常用命令
- 警惕黑客使用Lion系统漏洞破解和修改用户登陆密码
- 使用ldap语句查询某时间后没改密码的用户 推荐
- 想想MVC-使用JavaBean完成用户登陆,注册和修改密码功能
- 使用phpMyAdmin修改MySQL数据库root用户密码的方法
- Android基于XMPP Smack Openfire下学习开发IM(一)实现用户注册、登录、修改密码和注销等
- 使用ALTER USER命令修改用户的密码、密码过期,锁定,解锁
- Linux使用单用户模式修改root密码.
- Windows2003使用WEB方式修改域用户密码
- 配置使用web方式修改域用户帐户密码
- 使用SET命令修改用户密码
- 牛腩购物13: 整合用户资料修改 用户修改密码 asp.net登陆控件的使用(登录前 登陆后) 显示登录名 显示注销按钮
- IOSOpenDev~使用MobileTerminal修改越狱后的root密码
- 12c 用户密码已经过期,不修改密码的情况下使其永远使用下去