Update reset-ldap-password

bin/reset-ldap-password

@@ -1,5 +1,13 @@
-# Generate new password hash
+#!/bin/bash
-NEW_PASSWORD_HASH=`slappasswd -h {SSHA}`
+
+################################
+#   Set a temporary password   #
+################################
+
+# Generate a random temporary password (won't be valid after this script ends !)
+# and hash it
+TMP_LDAPROOT_PASSWORD=`slappasswd -g`
+TMP_LDAPROOT_PASSWORD_HASH=`slappasswd -h {SSHA} -s ${TMP_LDAPROOT_PASSWORD}`
 
 # Stop slapd service...
 service slapd stop
@@ -9,7 +17,7 @@ cp /etc/ldap/slapd.conf /root/slapd.conf.bkp
 
 # Append lines to slapd.conf to manually define root password hash
 echo 'rootdn "cn=admin,dc=yunohost,dc=org"' >> /etc/ldap/slapd.conf
-echo "rootpw $NEW_PASSWORD_HASH" >> /etc/ldap/slapd.conf
+echo "rootpw $TMP_LDAPROOT_PASSWORD_HASH" >> /etc/ldap/slapd.conf
 
 # Test conf (might not be entirely necessary though :P)
 slaptest -Q -u -f /etc/ldap/slapd.conf
@@ -27,3 +35,28 @@ mv /root/slapd.conf.bkp /etc/ldap/slapd.conf
 
 # Restart slapd service
 service slapd start
+
+#######################################
+#   Properly set new admin password   #
+#######################################
+
+# Call yunohost tools adminpw, using the tmp password, asking for new password...
+yunohost tools adminpw --admin-password ${TMP_LDAPROOT_PASSWORD}
+
+###########################
+#   Forget tmp password   #
+###########################
+
+# Stop slapd service
+service slapd stop
+
+# Regenerate slapd.d directory
+rm -Rf /etc/ldap/slapd.d
+mkdir /etc/ldap/slapd.d
+slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
+
+# Set permissions to slapd.d
+chown -R openldap:openldap /etc/ldap/slapd.d/
+
+# Restart slapd service
+service slapd start