linux_wiki:freeipa_user_password_reset [2016/11/26 22:54] 127.0.0.1 external edit |
linux_wiki:freeipa_user_password_reset [2019/05/25 23:50] |
||
---|---|---|---|
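--- a/linux_wiki:freeipa_user_password_reset
+++ b/linux_wiki:freeipa_user_password_reset
-====== FreeIPA Password Reset ======
-
-**General Information**
-
-Script that sets an IPA account to a random string and e-mails it to the user with instructions for setting a new password.
-
-**Checklist**
-* Distro(s):
-* Other: [[http://
-
-----
-
-====== The Script ======
-
-Run this script from your FreeIPA server
-<code bash user-password-reset.sh>
-#!/bin/bash
-# Name: user-password-reset.sh
-# Description:
-# Last Updated: 2016-11-02
-# Recent Changes:
-# -Added argument support for help and username passing
-###############################################################################################
-
-##### Customize These Variables #####
-# admin credentials
-admin_user="
-
-# system admins email
-system_admins_email="
-
-# self-service portal URL
-self_service_portal="
-
-# Temp file for e-mail message
-pass_reset_email="/
-##### End of Customize Variables #####
-
-#
-# Functions; Main starts after
-#
-function show_usage
-{
-echo -e "
-echo -e "
-echo -e "
-echo -e "
-echo -e "
-echo -e "
-echo -e "-u username
-echo -e "
-echo -e "-> FreeIPA admin access."
-echo -e
-}
-
-#
-# Get Script Arguments
-#
-# Reset POSIX variable in case it has been used previously in this shell
-OPTIND=1
-
-while getopts "
-case "
-h) # -h (help) argument
-show_usage
-exit 0
-;;
-u) # -u (username) argument
-username="
-;;
-*) # invalid argument
-show_usage
-exit 0
-;;
-esac
-done
-
-#
-# Main Starts Here
-#
-
-# Pre-check - see if we have a kerberos ticket, if not, prompt login
-/
-if [[ $? -ne 0 ]]; then
-echo ">>
-/
-echo
-fi
-
-echo -e "
-echo -e "####
-echo -e "
-echo
-echo -e "This script will set a user's password to something random and e-mail it to them.\n"
-
-## If no username argument password, prompt for username
-if [[ -z "
-echo -en "
-read username
-echo
-fi
-
-## Show user info and prompt to reset
-/
-echo -e "
-read reset_password
-
-if [[ ${reset_password} != "
-echo -e "
-exit 1
-fi
-
-## Ensure account is enabled
-echo -e "
-/
-
-## Ensure account is unlocked
-echo -e "
-/
-
-## Generate a random password, get user's e-mail address and first name
-echo -e "
-random_password="
-
-## Gather first name and email address
-name_email="
-first_name="
-email_address="
-
-## Create password reset e-mail file to send user
-echo "
-echo -e "
-echo ${random_password} >> ${pass_reset_email}
-
-echo -e "
-
-echo -e "
-
-echo -e "
-
-echo -e "
-echo ">
-echo ">
-echo "
-echo "
-echo "
-echo "
-
-echo -e "\nIf you have any questions, please contact your System Administrators."
-echo -e "
-echo "
-
-## E-mail User the random password with login instructions
-echo -e "
-/
-
-echo -e "
-cat /dev/null > ${pass_reset_email}
-
-echo -e "
-echo -e "####
-echo -e "
-</
-
-----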