LDAP script changement mot de passe en masse
Je viens de retrouver ce bout de code : il cherche les comptes LDAP dont le userPassword (stocké en clair) vaut encore « password », génère un nouveau mot de passe aléatoire pour chacun, et produit le LDIF à appliquer avec ldapmodify ainsi qu'un CSV (dn;mail;pass) pour communiquer les nouveaux mots de passe. Attention : tel quel, il écrit les mots de passe en clair dans des fichiers prévisibles de /tmp et passe le mot de passe de bind sur la ligne de commande (visible dans `ps`).
ldap_reset_account.sh
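#!/usr/bin/env bash
#
# ldap_reset_account.sh -- bulk password reset for LDAP accounts that still
# carry a known default password.
#
# What it does (this script never writes to the directory itself):
#   1. searches LDAP_SEARCHBASE for entries whose userPassword equals
#      PASS_OLD_TXT (a cleartext equality filter, see the notes below);
#   2. draws a fresh random password for each one;
#   3. appends a "changetype: modify / replace: userPassword" record per
#      entry to the LDIF file FIC_TMP, and a "dn;mail;pass" line to the CSV
#      file FIC_CSV (also echoed to stdout) so the new passwords can be
#      delivered to their owners;
#   4. prints the ldapmodify command that applies the LDIF.
#
# Configuration -- environment variables, defaults in brackets:
#   LDAP_BINDDN      bind DN for the searches        [cn=root,dc=acme,dc=corp]
#   LDAP_PASSFILE    file holding the bind password, without trailing newline.
#                    Preferred: it is passed with -y and never shows in `ps`.
#   LDAP_PASS        bind password, used only when LDAP_PASSFILE is empty;
#                    if both are empty the password is prompted for once.
#   LDAP_SERVER      directory host                  [localhost]
#   LDAP_PORT        directory port                  [3890]
#   LDAP_URI         full URI, overrides the two above (e.g. ldaps://host:636)
#   LDAP_SEARCHBASE  search base                     [ou=people,dc=acme,dc=corp]
#   PASS_OLD_TXT     the password being hunted       [password]
#   PASS_LEN         length of the generated passwords, charset A-Za-z0-9 [10]
#   FIC_TMP          output LDIF   [mktemp /tmp/ldap-reset-password.XXXXXX]
#   FIC_CSV          output CSV    [mktemp /tmp/ldap-newpassword.XXXXXX]
#
# Security notes:
#   * FIC_TMP and FIC_CSV contain cleartext passwords.  They are created
#     owner-only (umask 077) under unpredictable names (mktemp) instead of
#     the fixed /tmp paths of the original; delete them once the passwords
#     have been delivered.
#   * The LDIF carries userPassword in cleartext.  Whether slapd hashes it
#     on the way in depends on the server configuration (e.g. ppolicy
#     hash-cleartext) -- check, and if it does not, hash the values with
#     slappasswd before applying.
#   * The filter only matches entries whose userPassword is stored in
#     cleartext and is byte-equal to PASS_OLD_TXT; hashed ({SSHA}...) or
#     delegated ({SASL}...) values are never found, and a server that hides
#     userPassword from the bind DN returns nothing at all.
#   * The default transport is plain ldap://: credentials and the new
#     passwords cross the wire unprotected unless the server is local or
#     LDAP_URI points at ldaps:// (or the client is set up for StartTLS).
#   * CSV lines are echoed to stdout exactly like the original script did,
#     so they end up in terminal scrollback or job logs: redirect stdout to
#     /dev/null when that is not wanted.
#
# Fixes over the original one-liner: "-w $LDAP_PASS" with an empty LDAP_PASS
# made -w swallow the next argument ("dn", "mail", "-f") as the password;
# "grep ^dn:" missed DNs that ldapsearch folded over two lines or base64
# encoded ("dn:: ..."); the final echo printed the bind password; the
# search values were not escaped for the LDAP filter.

set -euo pipefail
umask 077   # every file this script creates is owner-only

LDAP_BINDDN="${LDAP_BINDDN:-cn=root,dc=acme,dc=corp}"
LDAP_PASS="${LDAP_PASS:-}"
LDAP_PASSFILE="${LDAP_PASSFILE:-}"
LDAP_SERVER="${LDAP_SERVER:-localhost}"
LDAP_PORT="${LDAP_PORT:-3890}"
LDAP_URI="${LDAP_URI:-ldap://${LDAP_SERVER}:${LDAP_PORT}}"
LDAP_SEARCHBASE="${LDAP_SEARCHBASE:-ou=people,dc=acme,dc=corp}"
PASS_OLD_TXT="${PASS_OLD_TXT:-password}"
PASS_LEN="${PASS_LEN:-10}"
FIC_TMP="${FIC_TMP:-}"
FIC_CSV="${FIC_CSV:-}"

# Temp file holding the bind password when the caller did not give one;
# removed by the EXIT trap (global so the trap can still see it).
BIND_PW_TMP=''

die() { printf 'ldap_reset_account: %s\n' "$*" >&2; exit 1; }

# Escape a value for use inside an LDAP search filter (RFC 4515): a
# PASS_OLD_TXT containing '*', '(' or ')' must not turn into a wildcard or
# break the filter.  Input on $1, result on stdout.
ldap_filter_escape() {
  printf '%s' "$1" \
    | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print a random password of $1 characters drawn from A-Za-z0-9.
# Fixed-size reads of /dev/urandom are used instead of "cat | tr | head" so
# that no pipeline stage is killed by SIGPIPE (which would trip pipefail).
generate_password() {
  local len=$1 pw=''
  while (( ${#pw} < len )); do
    pw+=$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
  done
  printf '%s' "${pw:0:len}"
}

# Join LDIF continuation lines (a line starting with a single space continues
# the previous one): ldapsearch wraps long dn/mail values at 76 columns,
# which is what broke "grep ^dn:" in the original.  stdin -> stdout.
unfold_ldif() {
  awk '
    /^ / { buf = buf substr($0, 2); next }
    have { print buf }
    { buf = $0; have = 1 }
    END { if (have) print buf }
  '
}

# ldapsearch with the connection and bind options shared by every query.
# -x forces a simple bind: a cn=... bind DN only makes sense with one (drop
# it if your server really expects SASL).  -LLL limits the output to bare
# attribute lines.  The password comes from a file via -y so that it is not
# visible in the process list.
ldap_search() {
  ldapsearch -x -LLL -H "$LDAP_URI" -D "$LDAP_BINDDN" -y "$LDAP_PASSFILE" "$@"
}

# Print the first mail value of entry $1 (empty when it has none).
# Returns ldapsearch's status so the caller can warn instead of aborting.
# -s base: only the entry itself, never its children as the original
# default subtree scope did.
mail_of() {
  local out
  out=$(ldap_search -b "$1" -s base '(objectClass=*)' mail) || return
  unfold_ldif <<<"$out" | awk '/^mail: / { print substr($0, 7); exit }'
}

main() {
  local dn_line plain_dn mail new_pw filter raw apply_auth
  local -a dn_lines=()

  if ! [[ "$PASS_LEN" =~ ^[0-9]+$ ]] || (( PASS_LEN == 0 )); then
    die "PASS_LEN must be a positive integer (got '$PASS_LEN')"
  fi

  # Bind password: prefer a caller-supplied file; otherwise put the value
  # (or a prompted one) in a private temp file that disappears on exit.
  if [[ -z "$LDAP_PASSFILE" ]]; then
    if [[ -z "$LDAP_PASS" ]]; then
      read -rs -p "Bind password for ${LDAP_BINDDN}: " LDAP_PASS \
        || die "no bind password (set LDAP_PASSFILE or LDAP_PASS)"
      printf '\n' >&2
    fi
    BIND_PW_TMP=$(mktemp /tmp/ldap-reset-bindpw.XXXXXX) || die "mktemp failed"
    trap 'rm -f -- "$BIND_PW_TMP"' EXIT
    printf '%s' "$LDAP_PASS" > "$BIND_PW_TMP"   # -y uses the file verbatim: no newline
    LDAP_PASSFILE=$BIND_PW_TMP
  fi

  # Output files: unpredictable names unless the caller chose them.
  if [[ -z "$FIC_TMP" ]]; then
    FIC_TMP=$(mktemp /tmp/ldap-reset-password.XXXXXX) || die "mktemp failed"
  fi
  if [[ -z "$FIC_CSV" ]]; then
    FIC_CSV=$(mktemp /tmp/ldap-newpassword.XXXXXX) || die "mktemp failed"
  fi
  : > "$FIC_TMP"
  printf 'dn;mail;pass\n' > "$FIC_CSV"

  filter="(userPassword=$(ldap_filter_escape "$PASS_OLD_TXT"))"
  raw=$(ldap_search -b "$LDAP_SEARCHBASE" "$filter" dn) \
    || die "search under $LDAP_SEARCHBASE failed"

  # One "dn: ..." (or base64 "dn:: ...") line per matching entry.  grep's
  # status is not checked on purpose: no match is not an error here.
  mapfile -t dn_lines < <(unfold_ldif <<<"$raw" | grep -E '^dn::? ' || true)

  if (( ${#dn_lines[@]} == 0 )); then
    printf 'no entry under %s matches %s; nothing to do\n' \
      "$LDAP_SEARCHBASE" "$filter" >&2
    return 0
  fi

  for dn_line in "${dn_lines[@]}"; do
    # Plain DN for the follow-up lookup and the CSV; ldapsearch base64
    # encodes DNs that are not safe ASCII.  (base64 -d: GNU coreutils.)
    if [[ "$dn_line" == 'dn:: '* ]]; then
      plain_dn=$(printf '%s' "${dn_line#dn:: }" | base64 -d)
    else
      plain_dn=${dn_line#dn: }
    fi

    new_pw=$(generate_password "$PASS_LEN")

    if ! mail=$(mail_of "$plain_dn"); then
      printf 'warning: mail lookup failed for %s\n' "$plain_dn" >&2
      mail=''
    fi

    # LDIF record.  The dn line is reused exactly as returned (still valid
    # LDIF when base64); the password is A-Za-z0-9 only, so it needs no
    # LDIF encoding.
    {
      printf '%s\n' "$dn_line"
      printf 'changetype: modify\n'
      printf 'replace: userPassword\n'
      printf 'userPassword: %s\n\n' "$new_pw"
    } >> "$FIC_TMP"

    # CSV line, on stdout and in the file (as the original did).
    printf '%s;%s;%s\n' "$plain_dn" "$mail" "$new_pw" | tee -a "$FIC_CSV"
  done

  printf '%d account(s): LDIF in %s, CSV in %s (cleartext passwords, delete after use)\n' \
    "${#dn_lines[@]}" "$FIC_TMP" "$FIC_CSV" >&2

  # The apply command is printed rather than run so the LDIF can be reviewed
  # first.  The bind password never goes on it: reuse the caller's password
  # file, or let ldapmodify prompt (-W) when the password was typed/inline.
  if [[ -n "$BIND_PW_TMP" ]]; then
    apply_auth='-W'
  else
    printf -v apply_auth -- '-y %q' "$LDAP_PASSFILE"
  fi
  printf 'ldapmodify -x -H %q -D %q %s -f %q\n' \
    "$LDAP_URI" "$LDAP_BINDDN" "$apply_auth" "$FIC_TMP"
}

main "$@"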
Tuto LDAP
# Debian/Ubuntu packages: the server (slapd), the ldapadduser/ldapdeleteuser
# helpers (ldapscripts), the ldapsearch/ldapmodify clients used by the script
# above (ldap-utils) and an interactive browser (shelldap).  Run as root.
apt-get install slapd ldapscripts ldap-utils shelldap
Exemple d'un compte utilisateur
# Example user entry: one object that is both an address-book person
# (inetOrgPerson) and a Unix login (posixAccount + shadowAccount).
# Placeholders: "prenom.nom.ext" / "truc.domainad.net" / "entreprise.com".
dn: uid=prenom.nom.ext,ou=users,dc=truc,dc=domainad,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: prenom nom
# NOTE(review): gidNumber and uidNumber are both 5400 here (a private
# per-user group, presumably) -- make sure both numbers are unique across
# the directory and do not collide with local /etc/passwd or /etc/group ids.
gidNumber: 5400
givenName: prenom
homeDirectory: /home/prenom.nom.ext
initials: JB
loginShell: /bin/bash
mail: prenom.nom.ext@entreprise.com
# -1: the account never expires.
shadowExpire: -1
shadowFlag: 0
# shadow(5) counts this in days since the epoch; 10877 is a very old value,
# presumably a placeholder -- confirm before copying it into real entries.
shadowLastChange: 10877
shadowMin: 8
shadowWarning: 7
sn: nom
title: System Administrator
uid: prenom.nom.ext
uidNumber: 5400
# {SASL}<identity>: no hash is stored; slapd is expected to hand the bind
# password to its SASL setup (saslauthd, pass-through) -- confirm against
# the slapd configuration.  NOTE(review): the reset script above searches on
# cleartext userPassword values, so it will never match an entry like this.
userPassword: {SASL}prenom.nom.ext@truc.domainad.net
Tester la config
# Syntax-check the slapd configuration before (re)starting the server;
# run it as root (or with -f/-F pointing at the config) so it can read it.
slaptest
