#!/bin/bash
# $Id: passwd 5271 2005-12-21 14:43:47Z finnarne-guest $
# This script changes a user's password in LDAP and, if smbpasswd exists,
# also updates the Samba password.
# Use at your own risk.


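# Directory subtree that holds the account entries.
BASE="ou=People,dc=skole,dc=skolelinux,dc=no"
# LDAP server to contact; a HOST value inherited from the environment wins
# over the default "ldap".
HOST=${HOST:-ldap}
# Start empty so a NEWPASSWD inherited from the environment can never cause
# the interactive prompt further down to be skipped.
NEWPASSWD=

NAME=$1

if [ -z "$NAME" ] ; then
  printf 'usage: \n    %s <username>\n' "$0" >&2
  exit 2
fi

# NAME is spliced into an LDAP DN and later handed to smbpasswd (possibly via
# sudo). Refuse values that would be read as a command-line option, or that
# contain DN metacharacters or whitespace and so could name a different entry
# than the caller appears to ask for.
case "$NAME" in
  -*|*[,=+\<\>\#\;\\\"]*|*[[:space:]]*)
    printf 'Invalid user name: %s\n' "$NAME" >&2
    exit 2
    ;;
esac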

# Decide which attribute names the target entry (ENTRY) and which DN the
# password change binds as (BINDUSER).
#
# The script makes no authorization decision of its own: it only selects the
# bind DN. Whether that identity may change the target's password is left to
# the directory server, which is why the two service accounts always bind as
# cn=admin.
if [ "$NAME" = "admin" ] || [ "$NAME" = "smbadmin" ] ; then
  ENTRY=cn
  BINDUSER="cn=admin,$BASE"
  if [ "$NAME" = "smbadmin" ] ; then
    # The smbadmin password is generated, not typed. If makepasswd produces
    # nothing, NEWPASSWD stays empty and the interactive prompt is used.
    NEWPASSWD=$(makepasswd)
  fi
else
  # Ordinary accounts: bind as the invoking user's own entry.
  ENTRY=uid
  BINDUSER="uid=$(id -un),$BASE"
fi

# root always binds as the directory admin (and is expected to know that
# password when ldappasswd asks for it).
if [ "$(id -u)" -eq 0 ] ; then
  BINDUSER="cn=admin,$BASE"
fi

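# Ask for the new password twice unless one was already generated above.
if [ -z "$NEWPASSWD" ] ; then
  # IFS= and -r keep the typed password byte-for-byte: without them read
  # strips leading/trailing whitespace and consumes backslashes, so the
  # password actually set would differ from the one the user typed.
  # -s suppresses terminal echo.
  IFS= read -r -p "Enter new password for user $NAME: " -s NEWPASSWD
  echo
  IFS= read -r -p "Reenter new password: " -s CHKPASSWD
  echo
  if [ "$CHKPASSWD" != "$NEWPASSWD" ] ; then
    echo "Sorry, passwords don't match"
    exit 2
  fi
  # Two empty entries match each other; never hand an empty password on to
  # ldappasswd/smbpasswd.
  if [ -z "$NEWPASSWD" ] ; then
    echo "Sorry, empty passwords are not accepted"
    exit 2
  fi
fi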

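# Change the LDAP password.
#
# Every expansion is quoted so that whitespace or glob characters in HOST,
# BINDUSER or NAME cannot split into extra ldappasswd arguments; the target DN
# always reaches ldappasswd as a single word beginning with "$ENTRY=".
#
# -x simple bind, -W prompt for the bind password, -s new password.
# NOTE(review): -s puts the new password on the command line, where other
#   local users may be able to read it from the process list while ldappasswd
#   runs. OpenLDAP releases that provide -T can read it from a file instead.
# NOTE(review): a single -Z requests StartTLS but does not require it to
#   succeed; -ZZ does. Confirm whether a cleartext fallback is acceptable here.
RESULT="$(ldappasswd -h "$HOST" -xZW -s "$NEWPASSWD" -D "$BINDUSER" \
	   "$ENTRY=$NAME,$BASE")"

# Success is recognised by the exact text ldappasswd prints on stdout.
if [ "$RESULT" != "Result: Success (0)" ] ; then 
  echo "Could not change ldap passwd for user $NAME"
  echo "ldappasswd returned $RESULT"
  exit 2
fi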

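# Without smbpasswd there is no Samba password to keep in sync; the LDAP
# change above has already succeeded, so this is not an error.
if [ ! -x /usr/bin/smbpasswd ] ; then 
  echo "Hmm, no smbpasswd, what kind of installation is this?"
  exit 0
fi

# Need to look at python-smbpasswd for this part

# Exit status of the smbpasswd call, if one is made; reported below so a
# failed Samba update does not pass unnoticed behind the >/dev/null.
SMBSTATUS=0

case "$NAME" in 
  admin) ;;
  smbadmin)
    # If we've changed the smbadmin PW, we also need to change the stored password
    # NOTE(review): -w takes the password as an argument, so it is visible in
    #   the process list for the duration of the call.
    /usr/bin/smbpasswd -w "$NEWPASSWD" >/dev/null || SMBSTATUS=$?
    ;;
  *) 
    # printf '%s' emits the password verbatim. echo -e would expand backslash
    # sequences inside it, leaving the Samba password different from the one
    # just stored in LDAP.
    # NOTE(review): smbpasswd documents -s for reading passwords from stdin;
    #   without it the piped input may be ignored in favour of the terminal.
    #   Confirm against the installed version (and the sudoers rule).
    # NOTE(review): NAME is passed through as given; a value beginning with
    #   '-' would be parsed by smbpasswd as an option.
    # root should be able to use smbpasswd directly
    if [ "$(id -u)" -eq 0 ] ; then 
      printf '%s\n%s\n' "$NEWPASSWD" "$NEWPASSWD" \
        | /usr/bin/smbpasswd "$NAME" >/dev/null || SMBSTATUS=$?
    else # admin users should be able to use sudo
      printf '%s\n%s\n' "$NEWPASSWD" "$NEWPASSWD" \
        | sudo /usr/bin/smbpasswd "$NAME" >/dev/null || SMBSTATUS=$?
    fi
    ;;
esac

# The LDAP password is already changed at this point, so a failure here means
# the two password stores are out of sync.
if [ "$SMBSTATUS" -ne 0 ] ; then
  echo "Could not change samba passwd for user $NAME" >&2
  exit "$SMBSTATUS"
fi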
