[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Scripting and passwords



On Tue, 2003-08-19 at 00:55, Dave Horsfall wrote:
> What do people do when they want to invoke "ldapmodify" etc from a script?
> Putting the password on the command line is silly, because it can be seen
> by "ps".  Do they use "-W" and cobble up a Tcl/Expect script (and if so,
> could they share it)?
> 
> If there's any interest, I'm prepared to modify ldap* to read the
> password from a file (or standard input).

I routinely use Perl with the Net::LDAP module. The username and
password is in the file but doesn't show up in the process list, of
course. To increase security, I would create a user with access to only
the portion of the DB that the script needs to update. If you need an
example script I'd be happy to forward you one.

-- 
Brendon Colby
Systems Administrator
Midcontinent Communications