OpenLDAP has a nice "feature" that allows for group members to continue to exist, even if the user does not exist any more. Really handy! Problem is, if you, say, have a user in the "Domain Admins" group, and you delete that account, and then some normal user comes along with the same username, they will end up with unexpected elevated privileges.

So I created a script that I run weekly that finds group members that no longer exist, and sends me a report. It also tells me which groups are empty.

This relies on my toolbox... Find it here.

Ok... Now that we have our toolbox Let's do something with it. Today we'll look at a simple solution to an everyday problem. Resetting a password.

Now for the tools. There's a lot here, but in further articles you will see how this can be useful. I'll go through each tool with what it does, how to call it, and then the code itself.

NOTE: This uses the foundations in parts 1 and 2. You can find them here: Part 1 Part 2

In our journey of code, it is always useful to have a foundation. For starters you will need to make sure that you have the following PERL packages installed, as we will be using them regularly.

Net::LDAP
Authen::SASL
IO::Socket::SSL
Digest::SHA
Mail::Sendmail
Crypt::SmbHash
CGI

I have found that some of these are much easier to install via packages (yum or apt-get), specifically Authen::SASL, as it requires Net::SSLeay, which requires it be compiled with the same compiler as your original perl installation. Most of the others can be installed from cpan.

For anyone spamming blogs, especially my blog, this is the proper way to do it. This comment is vaguely related enough that it seems like maybe the person just missed the point they were trying to make, or is a bad writer. In fact, it was copied from this Amazon review of a DVD from 2007.

So rather than general Russian cyrillic nonsense, how about you morons try a little harder. I'm leaving that comment up as a monument to the way you idiots should be working. Put your damn back into it once in a while.