Can't help with creating or deleting users, but here's the web script I
built for our help desk.  I've got it running on an IIS server, using
"Basic" authentication.  That means the help desk people need to be Account
Operators, but since they don't have Server Admin Tools available, and in
fact are in a completely separate domain, it's not a problem.  Plus, I only
gave their IDs permission to log onto the web server and the OWA box.

J

------begin perl script-----------

# Perl script for resetting domain passwords
# initial creation on 7/22/99 by James Leeds Jr.
# finally seems to work 7/27/99
# built on top of Group Member Query script
# includes code stolen from Ivan's logon query and Dave Roth's book
# configure IIS server to run this using BASIC authentication 
# password will be sent as clear text, so I recommend using SSL to encrypt
# all data if you're on an insecure network
# All users who will use this must have right to log on locally to the IIS
# server
# also, I think users must be Account Operators or Domain Admins for this to
# work
# 
# modified 1/12/2000 to hopefully run at Bass
# version 2 4/20/2000
# version 3 4/25/2000  - yes, I really changed it that quickly
# version 4 8/28/00

# version 2 clears the "Password Never Expires" setting
# version 3 clears the "User Cannot Change Password" setting, and adds a
# confirmation field
# version 4 removes HIW_US and Staybridge, and replaces them with the three
# Bristol domains

use Win32;
use Win32::AdminMisc;
use Win32::NetAdmin;
use Win32API::Net;
use CGI qw(:all);

$username = CGI::param("username");
$domain = CGI::param("domain");
$password = CGI::param("password");
$confirm = CGI::param("confirm");
$expired = CGI::param("expired");

print header, start_html("WWW Password Reset Form"),
      h1("Password Reset Form");
print "Password must be at least six characters long";
print hr();
print start_form();
print p("Domain", scrolling_list(
        -NAME => "domain",
        -VALUES => [ qw(bhrusa bristolnet sparkle citrixnet) ],
        -LABELS => {
                bhrusa     => "BHRUSA",
                bristolnet => "BRISTOLNET",
                sparkle    => "SPARKLE",
                citrixnet  => "CITRIXNET"
        },
        -SIZE => 1,
        -MULTIPLE => 0
));
print p("User Name ", textfield(
                -NAME=>"username",
                -OVERRIDE=>1)),
        ("New Password ", password_field(
                -NAME=>"password",
                -OVERRIDE=>1)),
   (" Confirm Password ", password_field(
      -NAME=>"confirm",
      -OVERRIDE=>1));
print p(submit("Submit"));
# print p(checkbox(
#      -NAME=>"expired",
#      -checked=>"ON",
#      -LABEL=>"User must change password at next logon"));
print end_form(), hr();

# determine if this has been run yet

if (param()) { # the form has been filled out previously, so return results
   unless ($password eq $confirm) {
      print p("Passwords do not match, please try again");
      print end_html;
      exit;
   }
   # Turn off the "Password Does Not Expire" flag...
   if (Win32::AdminMisc::UserGetMiscAttributes($domain, $username, \%Hash)) {
      $Hash{USER_FLAGS} = $Hash{USER_FLAGS} & ~UF_DONT_EXPIRE_PASSWD;
      Win32::AdminMisc::UserSetMiscAttributes($domain, $username,
         USER_FLAGS => $Hash{USER_FLAGS});
   }
   # ...and the "User Cannot Change Password" flag
   if (Win32::AdminMisc::UserGetMiscAttributes($domain, $username, \%Hash)) {
      $Hash{USER_FLAGS} = $Hash{USER_FLAGS} & ~UF_PASSWD_CANT_CHANGE;
      Win32::AdminMisc::UserSetMiscAttributes($domain, $username,
         USER_FLAGS => $Hash{USER_FLAGS});
   }
   # Set the new password and mark it expired so the user must change it
   if (Win32::AdminMisc::SetPassword($domain, $username, $password)) {
      Win32::AdminMisc::UserSetMiscAttributes($domain, $username,
         USER_PASSWORD_EXPIRED => 1);
      print p("Password changed successfully, user will be prompted to change at next logon");
   }
   else {
      print p("Password not changed, please try again");
   }
   print end_html;
}
else {
   print end_html;
}

exit;
        
-----------end perl script---------------

-----Original Message-----
From: rotaiv [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 12:52 PM
To: [EMAIL PROTECTED]
Subject: RE: web based user admin?


At 05/01/2001  11:02 AM, [EMAIL PROTECTED] wrote:

>Hi,
>         Anyone ever tried to use perl/win32 to create a web based
>admin tool?  I basically need to be able to create/delete and reset
>passwords.  Oh yeah, limiting "help desk" users to resetting passwords
>and creating/deleting users within their group too.  5 domains :)

I am doing something similar where users unlock their own account by 
answering a few questions.  In my process, the web process saves the 
"unlock request" to a flat file and no further action is taken.  A second 
script, running in the background, detects the file and processes the 
requests.  This second script is running with appropriate privileges and 
can lock/unlock the accounts.  I use Win32::Net to manipulate the NT
account.

rotaiv.

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
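
The split rotaiv describes (a web process that only queues the request, and a privileged background script that acts on it), as an added Perl example that is not code from either poster. The spool layout, field format, function names and the 20-character username pattern are assumptions; the domain allow-list reuses the four domains from the form above, and the account action is a caller-supplied stand-in for the real Win32 call.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir tempfile);

# Domains offered by the form on this page; anything else is refused.
my %ALLOWED_DOMAIN = map { $_ => 1 } qw(bhrusa bristolnet sparkle citrixnet);

# Web side (unprivileged): record the request and take no further action.
# Write under a .tmp name, then rename, so the worker never reads a partial file.
sub queue_request {
    my ($spool, $requester, $domain, $username) = @_;
    my ($fh, $tmp) = tempfile('reqXXXXXX', DIR => $spool, SUFFIX => '.tmp');
    print {$fh} join("\t", time, $requester, $domain, $username), "\n";
    close $fh or die "close $tmp: $!";
    (my $final = $tmp) =~ s/\.tmp\z/.req/;
    rename $tmp, $final or die "rename $tmp: $!";
    return $final;
}

# Worker side (privileged): spool contents are untrusted, so every field is
# re-validated before $action (stand-in for the real account call) runs.
sub process_spool {
    my ($spool, $action) = @_;
    my @results;
    opendir my $dh, $spool or die "opendir $spool: $!";
    for my $name (sort grep { /\.req\z/ } readdir $dh) {
        my $path = "$spool/$name";
        open my $in, '<', $path or next;
        my $line = <$in> // '';
        close $in;
        chomp $line;
        my @f = split /\t/, $line, -1;
        my ($when, $requester, $domain, $username) = @f;
        my $ok = @f == 4
              && $ALLOWED_DOMAIN{ lc($domain) }
              && $username =~ /\A[A-Za-z0-9._-]{1,20}\z/;
        push @results, ($ok && $action->(lc($domain), $username))
            ? "done $requester $domain\\$username" : "rejected $name";
        unlink $path;    # a real worker would archive rejects for audit
    }
    closedir $dh;
    return @results;
}

# Constructed demo requests: one valid, one for a domain not on the list.
my $spool = tempdir(CLEANUP => 1);
queue_request($spool, 'helpdesk1', 'bhrusa', 'jsmith');
queue_request($spool, 'helpdesk1', 'otherdom', 'jsmith');
print "$_\n" for process_spool($spool, sub { 1 });
```

Only the worker needs account-management rights, so the web server identity can be limited to write access on the spool directory.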