[Date Prev][Date Next]
Re: using -y option for ldapsearch
At Mon, 1 Jun 2009 02:40:57 -0400,
> ldapsearch -x -h <Machine> -p <port> -s one -D <CN> -b <BASE_DN> -y pwdfile
> -v "(&(cn=fm*))" cn
The -D option takes DN, not CN.
> I tried the following.
> 1) I tried putting the plaintext password for <CN> in the file and it
> did not work.
If the pwdfile contains LF (\x0a) or others, strip it.
OpenLDAP ldap* commands use the entire contents in a pwdfile.
I think this is a bad design...
$ (umask 0077; echo -n "DN's password" >pwdfile)
$ tr -d '\n' <pwdfile \
|ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y /dev/stdin
IIRC, older OpenLDAP ldap* commands cannot use /dev/stdin for
the -y option.
-- Name: SATOH Fumiyasu (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- Personal Home: http://www.SFO.jp/blog/
> 2) I ran slappasswd to generate the hashed password for <CN> and
> directed the output to this file and it did not work.
> 3) The file permissions I tried are 700 and 600.
> What is this "-y" option and am I interpreting it correctly? Is there a
> specific format that this file should be in?