1.安装perl-ldap
下载地址:http://search.cpan.org/~gbarr/perl-ldap/
前提是已经安装perl工具包。首先查看perl版本
[root@local~]perl -V
Built under linux
Compiled at Nov 8 2007 06:49:06
@INC:
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/site_perl/5.8.8
/usr/lib/perl5/site_perl
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.8.8
/usr/lib/perl5/vendor_perl
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi
/usr/lib/perl5/5.8.8
接着,解压安装(安装方式是手动,不需要执行make)
[root@local~]tar -zxvpf perl-ldap-0.39.tar.gz
[root@local~]cd perl-ldap-0.39/lib
[root@local~]cp -a * /usr/lib/perl5/site_perl/5.8.8
2.安装perl-ldap依赖的Convert::ASN1模块
下载地址:http://search.cpan.org/search?module=Convert::ASN1
[root@local~]tar -zxvpf Convert-ASN1-0.22.tar.gz
[root@local~]cd Convert-ASN1-0.22
[root@local~]perl Makefile.PL
[root@local~]make
[root@local~]make install
3. 使用perl-ldap修改a user's password in MS Active Directory
[root@local~]$ vim chg_passwd.pl
#!/usr/bin/perl -w
use strict;
use Net::LDAPS;
my($Ad,$mesg,$uid,$pass,$npass,$dn,$rtn);
#($uid,$pass) = split(" ",<STDIN>);
$uid="test";
$pass="123456";
if (($uid eq "") or ($pass eq "")) {
print "Uid and/or password missing in input/n"; exit 1;
}
print "Trying to set $uid to password $pass/n";
# 1. Bind to the AD server
$Ad = Net::LDAPS->new("ad02.example.com", port=>636,version => 3) or print "Unable to connect to AD server/n",exit 2;
$Ad->bind(dn => "cn=administrator,ou=finance,dc=example,dc=com",password => "123456") or print "Unable to bind to AD server/n",exit 2;
#2. Do a AD lookup to get the dn for this user $mesg = $Ad->search(base => "DC=example,DC=com",filter => "cn=$uid"); print $mesg->count; print "/n"; if($mesg->count != 1) { print "AD lookup failed for user $uid/n"; exit 3; } #4. Add quotes and uniCode map { $npass .= "$_/000" } split(//,"/"$pass/""); #5. Now change their password. $dn = $mesg->entry(0)->dn; $rtn = $Ad->modify($dn,replace => [ "unicodePwd" => $npass ]); if($rtn->{'resultCode'} != 0) { print "User $uid,setting password failed/n"; exit 2; } #6. free $Ad->unbind(); print "Password for $uid changed in AD/n"; exit 0;