[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Scripting and passwords

To: Dave Horsfall <daveh@ci.com.au>
Subject: Re: Scripting and passwords
From: Brendon Colby <bren@midco.net>
Date: Tue, 19 Aug 2003 08:59:49 -0500
Cc: OpenLDAP Software List <openldap-software@OpenLDAP.org>
In-reply-to: <20030819154819.E17421@mippet.ci.com.au>
Organization: Midcontinent Communications
References: <20030819154819.E17421@mippet.ci.com.au>

On Tue, 2003-08-19 at 00:55, Dave Horsfall wrote:
> What do people do when they want to invoke "ldapmodify" etc from a script?
> Putting the password on the command line is silly, because it can be seen
> by "ps".  Do they use "-W" and cobble up a Tcl/Expect script (and if so,
> could they share it)?
> 
> If there's any interest, I'm prepared to modify ldap* to read the
> password from a file (or standard input).

I routinely use Perl with the Net::LDAP module. The username and
password is in the file but doesn't show up in the process list, of
course. To increase security, I would create a user with access to only
the portion of the DB that the script needs to update. If you need an
example script I'd be happy to forward you one.

-- 
Brendon Colby
Systems Administrator
Midcontinent Communications

Follow-Ups:
- Re: Scripting and passwords
  - From: Dave Horsfall <daveh@ci.com.au>

References:
- Scripting and passwords
  - From: Dave Horsfall <daveh@ci.com.au>

Prev by Date: Re[2]: Problems with SASL & openLDAP
Next by Date: Re: Re[2]: Problems with SASL & openLDAP
Index(es):
- Chronological
- Thread