ActiveDirectoryのパスワードを日付で更新するスクリプト

after-update.applescript

(*
以下のようにAutomatorに設定する
1. シェルスクリプトを実行 (update-smbpasswd.sh)
2. AppleScriptを実行 (after-update.applescript)
3. ループ (ループして自動的に停止：30分)
*)

on run {input, parameters}
	if input is not in {{}, {""}, ""} then
		set AppleScript's text item delimiters to return
		set result to display dialog input as string buttons {"Retry", "Cancel"} with title "LDAPパスワード更新失敗 (30秒後に自動でリトライします)" default button {"Retry"} giving up after 30
		if (button returned of result) = "Cancel" then quit me
	else
		quet me
	end if
end run

update-smbpasswd.sh

#!/bin/bash
# -*- coding:utf-8-unix; -*-

# ActiveDirectoryのパスワードを日付で更新するShellScript

# ---------------------------
sambahost="samba.local"
accountid="myname"
prepasswd="mypass"
# ---------------------------

oldpasswd=`security find-generic-password -gs ${sambahost} 3>&1 2>&3 >/dev/null | awk -F'"' '{print $2}'`
newpasswd="${prepasswd}`date +"%m%d"`"

if [ -z "${oldpasswd}" ]; then
    echo "You must add password to keychain."
    echo "$ security add-generic-password -s ${sambahost} -a ${accountid} -p YOURPASSWORD"
    exit
elif [ "${oldpasswd}" = "${newpasswd}" ]; then
    echo "Already change password today."
    exit
fi

expect -c "
spawn /usr/local/bin/smbpasswd -r ${sambahost} -U ${accountid}
expect {
    \"Old SMB password:\" { send \"${oldpasswd}\r\"; exp_continue }
    \"New SMB password:\" { send \"${newpasswd}\r\"; exp_continue }
    \"Retype new SMB password:\" { send \"${newpasswd}\r\"; exp_continue }
    eof { exit [lindex [split [wait]] 3] }
}
" >/dev/null 2>&1

ret=${?}

if [ ${ret} -eq 0 ]; then
    security delete-generic-password -s ${sambahost} >/dev/null 2>&1
    security add-generic-password -s ${sambahost} -a ${accountid} -p ${newpasswd} >/dev/null 2>&1
else
    echo "Password change missing. (${ret})"
    exit
fi