[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: using -y option for ldapsearch

Hi Fumiyasu,

That worked. I was thinking of the extra lines at the end but I was not
thinking about the line end characters.

Thanks Once again.

I suppose it should only contain plain text and not any encrypted / hashed
form? I tried the hashed form generated by slappasswd but in vain.

If you think there is any other option, please let me know.

-To love is to risk not being loved in return. To hope is to risk pain. To
try is to risk failure, but risk must be taken because the greatest hazard
in life is to risk nothing.




-----Original Message-----
From: SATOH Fumiyasu [mailto:fumiyas@osstech.jp] 
Sent: Monday, June 01, 2009 9:10 AM
To: Sai; openldap-technical@openldap.org
Subject: Re: using -y option for ldapsearch


At Mon, 01 Jun 2009 22:07:46 +0900,
SATOH Fumiyasu wrote:
> If the pwdfile contains LF (\x0a) or others, strip it.
> OpenLDAP ldap* commands use the entire contents in a pwdfile.
> I think this is a bad design...
> Try:
>   $ (umask 0077; echo -n "DN's password" >pwdfile)
>   $ 

    $ ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y
> or:
>   $ tr -d '\n' <pwdfile \
>   |ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y
> IIRC, older OpenLDAP ldap* commands cannot use /dev/stdin for
> the -y option.