[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: using -y option for ldapsearch

At Mon, 1 Jun 2009 02:40:57 -0400,
Sai wrote:
> ldapsearch -x -h <Machine> -p <port> -s one -D <CN> -b <BASE_DN> -y pwdfile
> -v "(&(cn=fm*))" cn

The -D option takes DN, not CN.

> I tried the following.
> 1)       I tried putting the plaintext password for <CN> in the file and it
> did not work.

If the pwdfile contains LF (\x0a) or others, strip it.
OpenLDAP ldap* commands use the entire contents in a pwdfile.
I think this is a bad design...


  $ (umask 0077; echo -n "DN's password" >pwdfile)


  $ tr -d '\n' <pwdfile \
  |ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y /dev/stdin

IIRC, older OpenLDAP ldap* commands cannot use /dev/stdin for
the -y option.

-- Name: SATOH Fumiyasu (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- Personal Home: http://www.SFO.jp/blog/

> 2)       I ran slappasswd to generate the hashed password for <CN> and
> directed the output to this file and it did not work.
> 3)       The file permissions I tried are 700 and 600.
> What is this "-y" option and am I interpreting it correctly? Is there a
> specific format that this file should be in?