#!/usr/bin/perl

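use strict;
use warnings;

use Encode qw(encode);
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);

# Change an Active Directory password over LDAP: bind as the user with the
# old password, then swap the unicodePwd value in a single modify request.
#
# Usage: <script> <user> <old-password> <new-password>
# Exits non-zero with an "error: ..." message if the bind or modify fails.
#
# NOTE(review): both passwords arrive as command-line arguments, so they are
# visible in the local process list and typically end up in shell history.
# The argument interface is kept for existing callers; prefer invoking this
# only from a wrapper that does not expose argv to other users.

# Build the value AD expects for unicodePwd: the password wrapped in double
# quotes and encoded as UTF-16LE.
# NOTE(review): @ARGV holds raw bytes, so each byte is widened as if it were
# Latin-1 (same as the previous NUL-interleaving). Non-ASCII passwords would
# need decoding from the terminal's encoding first -- confirm before relying
# on them.
sub _ad_password_value {
    my ($password) = @_;
    return encode('UTF-16LE', qq{"$password"});
}

my ($user, $opass, $npass) = @ARGV;

# Test for presence and length rather than truth, so a password of "0" is
# accepted. Empty values are rejected up front: a simple bind with an empty
# password is an unauthenticated bind (RFC 4513) and a server may report it
# as successful.
if ( grep { !defined($_) || !length($_) } $user, $opass, $npass ) {
    die "Usage: $0 <user> <old-password> <new-password>\n";
}

# localhost should answer with an SSL wrapper, that relays to the AD
# server. The hop from this script to the wrapper is plain LDAP, so the
# confidentiality of both passwords in transit depends on that wrapper.
my $ldap_serv = "localhost";
my $ldap_base = "cn=users,dc=win2k,dc=tellme,dc=com";

# Escape the user-supplied RDN value so characters such as ',' '+' or '='
# cannot change which entry the DN names.
my $dn = 'cn=' . escape_dn_value($user) . ",$ldap_base";

# Net::LDAP->new reports its failure reason in $@, not $!.
my $conn = Net::LDAP->new($ldap_serv) or die "LDAP->new: $ldap_serv: $@\n";

my $return = $conn->bind($dn, password => $opass);
if ( $return->is_error ) {
    die "error: " . $return->error . "\n";
}

my $ophc = _ad_password_value($opass);
my $nphc = _ad_password_value($npass);

# AD documents a user-initiated password change as a delete of the old
# unicodePwd value followed by an add of the new one in the same request.
$return = $conn->modify($dn, changes => [
    delete => [ 'unicodePwd' => $ophc ],
    add    => [ 'unicodePwd' => $nphc ],
]);

if ( $return->is_error ) {
    die "error: " . $return->error . "\n";
}

$conn->unbind;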
