From 1cb0a26b06a793f10a8bc036f55fc7d490519b6c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 18 Jul 2019 18:31:25 +0200 Subject: [PATCH] We don't need this ugly trick anymore if we forgot the adminpw --- sbin/yunohost-reset-ldap-password | 68 +------------------------------ 1 file changed, 1 insertion(+), 67 deletions(-) diff --git a/sbin/yunohost-reset-ldap-password b/sbin/yunohost-reset-ldap-password index 916b70b18..95f84875f 100755 --- a/sbin/yunohost-reset-ldap-password +++ b/sbin/yunohost-reset-ldap-password @@ -1,69 +1,3 @@ #!/bin/bash - -################################ -# Set a temporary password # -################################ - -# Generate a random temporary password (won't be valid after this script ends !) -# and hash it -TMP_LDAPROOT_PASSWORD=`slappasswd -g` -TMP_LDAPROOT_PASSWORD_HASH=`slappasswd -h {SSHA} -s ${TMP_LDAPROOT_PASSWORD}` - -# Stop slapd service... -service slapd stop - -# Backup slapd.conf (to be restored at the end of script) -cp /etc/ldap/slapd.conf /root/slapd.conf.bkp - -# Append lines to slapd.conf to manually define root password hash -echo 'rootdn "cn=admin,dc=yunohost,dc=org"' >> /etc/ldap/slapd.conf -echo "rootpw $TMP_LDAPROOT_PASSWORD_HASH" >> /etc/ldap/slapd.conf - -# Test conf (might not be entirely necessary though :P) -slaptest -Q -u -f /etc/ldap/slapd.conf - -# Regenerate slapd.d directory -rm -Rf /etc/ldap/slapd.d -mkdir /etc/ldap/slapd.d -slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1 - -# Set permissions to slapd.d -chown -R openldap:openldap /etc/ldap/slapd.d/ - -# Restore slapd.conf -mv /root/slapd.conf.bkp /etc/ldap/slapd.conf - -# Restart slapd service -service slapd start - -####################################### -# Properly set new admin password # -####################################### - -# Display tmp password to user -# NB : we do NOT pass it as a command line argument for "yunohost tools adminpw" -# as a malicious user could run a script in background waiting for this command -# to pop in ps -ef and automatically do nasty stuff in the ldap database -# meanwhile. -echo "Use this temporary password when asked for the administration password : $TMP_LDAPROOT_PASSWORD" - -# Call yunohost tools adminpw for user to set new password +echo "Warning: this script is now deprecated. You can simply type 'yunohost tools adminpw' to change the root/admin password." yunohost tools adminpw - -########################### -# Forget tmp password # -########################### - -# Stop slapd service -service slapd stop - -# Regenerate slapd.d directory -rm -Rf /etc/ldap/slapd.d -mkdir /etc/ldap/slapd.d -slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1 - -# Set permissions to slapd.d -chown -R openldap:openldap /etc/ldap/slapd.d/ - -# Restart slapd service -service slapd start