Re: (ITS#3673) ldapsearch -y



The behavior of -y is as intended, and as documented:
  -y passwdfile   Use complete contents of passwdfile as the
                   password for simple authentication.

Your request to change the behavior of -y is rejected as
any such change would 1) create backwards compatibility
issues and 2) limit functionality.

Kurt

At 12:24 PM 4/20/2005, morgan@lysator.liu.se wrote:
>Full_Name: Morgan Nilsson
>Version: 2.2.13-2
>OS: Fedora Core 3
>URL: 
>Submission from: (NULL) (217.215.66.55)
>
>
>Summary:
>
>"ldapsearch -y /etc/ldap.secret" should be able to handle newline in
>/etc/ldap.secret because pam_ldap requires a newline.
>
>How to reproduce:
>
>0. Set up your system to use LDAP for authentication.
>1. Create a user "foobar" in LDAP.
>2. Stop nscd (just to be sure we query LDAP)
>
>Version 1: pam_ldap works with newline in /etc/ldap.secret, but not ldapsearch
>-y
>
>3. Make sure /etc/ldap.secret ends in a newline.
>4. id foobar
>uid=...
>5. ldapsearch -y /etc/ldap.secret ... (uid=foobar)... => 
>ldap_bind: Invalid credentials (49)
>
>Version 2: ldapsearch -y works with newline in /etc/ldap.secret, but not
>pam_ldap
>
>6. Make sure /etc/ldap.secret does not end in a newline.
>7. id foobar
>id: foobar: No such user
>8. ldapsearch -y /etc/ldap.secret ... (uid=foobar)... => 
>(search result OK)
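
Added example, not part of the original thread or of OpenLDAP: because -y uses the complete contents of passwdfile, a final newline becomes part of the bind password. The functions below classify how a password file ends and write a copy without the final line terminator for use with -y. The function names and file arguments are hypothetical, and `head -c` (GNU/BSD) is assumed to be available.

```shell
#!/bin/sh
# Added example; function names and paths are illustrative assumptions.

# pwfile_trailing FILE
# Report how FILE ends: empty, crlf, lf, cr or clean.
# With "ldapsearch -y FILE" every byte, including a final LF, is sent
# as part of the simple-bind password.
pwfile_trailing() {
    f=$1
    [ -s "$f" ] || { echo empty; return 0; }
    # Hex of the last two bytes (one byte for a 1-byte file), no spaces.
    last2=$(tail -c 2 "$f" | od -An -tx1 | tr -d ' \n')
    case $last2 in
        0d0a) echo crlf ;;
        *0a)  echo lf ;;
        *0d)  echo cr ;;
        *)    echo clean ;;
    esac
}

# pwfile_for_ldapsearch SRC DST
# Copy SRC to DST without one trailing LF or CRLF, readable by owner only.
# SRC is left untouched, so a consumer that expects the newline keeps it.
pwfile_for_ldapsearch() {
    src=$1
    dst=$2
    (
        umask 077
        case $(pwfile_trailing "$src") in
            crlf) n=2 ;;
            lf)   n=1 ;;
            *)    n=0 ;;
        esac
        size=$(wc -c < "$src")
        head -c $((size - n)) "$src" > "$dst"
        chmod 600 "$dst"   # also covers a pre-existing DST
    )
}

# To create a password file with no newline in the first place:
#   printf '%s' 'password-here' > FILE
```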