
Re: using -y option for ldapsearch



At Mon, 1 Jun 2009 02:40:57 -0400,
Sai wrote:
> ldapsearch -x -h <Machine> -p <port> -s one -D <CN> -b <BASE_DN> -y pwdfile
> -v "(&(cn=fm*))" cn

The -D option takes a DN, not a CN.

> I tried the following.
> 1) I tried putting the plaintext password for <CN> in the file and it
> did not work.

If the pwdfile contains an LF (\x0a) or others, strip them.
OpenLDAP ldap* commands use the entire contents of a pwdfile.
I think this is a bad design...

Try:

  $ (umask 0077; echo -n "DN's password" >pwdfile)
  $ 

or:

  $ tr -d '\n' <pwdfile \
  |ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y /dev/stdin

IIRC, older OpenLDAP ldap* commands cannot use /dev/stdin for
the -y option.

-- 
-- Name: SATOH Fumiyasu (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- Personal Home: http://www.SFO.jp/blog/

> 2) I ran slappasswd to generate the hashed password for <CN> and
> directed the output to this file and it did not work.
> 
> 3) The file permissions I tried are 700 and 600.
> 
> What is this "-y" option and am I interpreting it correctly? Is there a
> specific format that this file should be in?
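
The pwdfile problem discussed in this thread, as an added example that is not part of the original message: because the ldap* tools send the entire file contents as the password, a trailing LF or CR ends up in the bind password. The function names `check_pwdfile`, `clean_pwdfile` and `demo` and the sample password are hypothetical; stripping CR as well as LF goes slightly beyond the `tr -d '\n'` shown above.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical/constructed.

# check_pwdfile FILE
# Returns 0 if FILE is usable with -y as-is, 1 if its last byte is LF or CR
# (which would be sent as part of the password), 2 if it is missing or empty,
# 3 if group/other have any permission bits set.
check_pwdfile() {
    [ -s "$1" ] || return 2
    # Mode string columns 5-10 are the group and other bits, e.g. -rw-------
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 3
    # $(...) strips trailing newlines, so inspect the last byte as hex instead.
    last=$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')
    case "$last" in
        0a|0d) return 1 ;;
    esac
    return 0
}

# clean_pwdfile SRC DST
# Copy SRC to DST with every CR and LF removed, owner-only permissions.
clean_pwdfile() {
    ( umask 077 && tr -d '\r\n' < "$1" > "$2" ) && chmod 600 "$2"
}

# Demo on a constructed password file written the way an editor or a plain
# `echo` would write it: with a trailing newline.
demo() {
    dir=$(mktemp -d) || return 1
    ( umask 077 && echo 'constructed-pw' > "$dir/pwdfile" )
    before=0; check_pwdfile "$dir/pwdfile" || before=$?
    clean_pwdfile "$dir/pwdfile" "$dir/pwdfile.clean"
    after=0; check_pwdfile "$dir/pwdfile.clean" || after=$?
    size=$(wc -c < "$dir/pwdfile.clean" | tr -d ' ')
    rm -rf "$dir"
    echo "before=$before after=$after bytes=$size"
}
demo
```

A file that passes `check_pwdfile` can be handed to `-y` directly; one that returns 1 should go through `clean_pwdfile` first.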