func main() {
// Login as the admin and change the password of an user (without providing the old password)
log.Printf("Logging in as the admin and changing the password of user (without providing the old password")
l, err := login(adminUser, adminPassword)
if err != nil {
log.Fatalf("ERROR: %s\n", err.Error())
}
passwordModifyRequest := ldap.NewPasswordModifyRequest(user, "", password1)
_, err = l.PasswordModify(passwordModifyRequest)
if err != nil {
l.Close()
log.Fatalf("ERROR: Cannot change password: %s\n", err)
}
log.Printf("Done")
l.Close()
// Login as the user and change the password without providing a new password.
log.Printf("Logging in as the user and changing the password without providing a new one")
l, err = login(user, password1)
if err != nil {
log.Fatalf("ERROR: %s\n", err.Error())
}
passwordModifyRequest = ldap.NewPasswordModifyRequest("", password1, "")
passwordModifyResponse, err := l.PasswordModify(passwordModifyRequest)
if err != nil {
l.Close()
log.Fatalf("ERROR: Cannot change password: %s\n", err)
}
generatedPassword := passwordModifyResponse.GeneratedPassword
log.Printf("Done. Generated password: %s\n", generatedPassword)
l.Close()
// Login as the user with the generated password and change it to another one
log.Printf("Logging in as the user and changing the password")
l, err = login(user, generatedPassword)
if err != nil {
log.Fatalf("ERROR: %s\n", err.Error())
}
passwordModifyRequest = ldap.NewPasswordModifyRequest("", generatedPassword, password2)
_, err = l.PasswordModify(passwordModifyRequest)
if err != nil {
l.Close()
log.Fatalf("ERROR: Cannot change password: %s\n", err)
}
log.Printf("Done")
l.Close()
}
func (ls *LdapSource) PasswordChange(uid, oldPasswd, newPasswd string) error {
userdn := ls.UDN(uid)
err := ls.Bind(userdn, oldPasswd, true)
if err != nil {
return err
}
passwordModifyRequest := ldap.NewPasswordModifyRequest(userdn, oldPasswd, newPasswd)
passwordModifyResponse, err := ls.c.PasswordModify(passwordModifyRequest)
if err != nil {
log.Printf("PasswordModify ERR: %s", err)
return err
}
log.Printf("passwordModifyResponse: %v", passwordModifyResponse)
return nil
}
func ExampleConn_PasswordModify_admin() {
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
log.Fatal(err)
}
defer l.Close()
err = l.Bind("cn=admin,dc=example,dc=com", "password")
if err != nil {
log.Fatal(err)
}
passwordModifyRequest := ldap.NewPasswordModifyRequest("cn=user,dc=example,dc=com", "", "NewPassword")
_, err = l.PasswordModify(passwordModifyRequest)
if err != nil {
log.Fatalf("Password could not be changed: %s", err.Error())
}
}
func ExampleConn_PasswordModify_generatedPassword() {
l, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", "ldap.example.com", 389))
if err != nil {
log.Fatal(err)
}
defer l.Close()
err = l.Bind("cn=user,dc=example,dc=com", "password")
if err != nil {
log.Fatal(err)
}
passwordModifyRequest := ldap.NewPasswordModifyRequest("", "OldPassword", "")
passwordModifyResponse, err := l.PasswordModify(passwordModifyRequest)
if err != nil {
log.Fatalf("Password could not be changed: %s", err.Error())
}
generatedPassword := passwordModifyResponse.GeneratedPassword
log.Printf("Generated password: %s\n", generatedPassword)
}
func changeLdapPassword(user *userConfig) error {
l := &ldapConfig{"base_dn", 389, "127.0.0.1"}
conn, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", l.address, l.port))
if err != nil {
return err
}
defer conn.Close()
err = conn.Bind(l.baseDN, user.password)
if err != nil {
return err
}
passwordModifyRequest := ldap.NewPasswordModifyRequest("", user.password, user.newPassword)
_, err = conn.PasswordModify(passwordModifyRequest)
if err != nil {
return err
}
return nil
}
