Hi Fumiyasu,
That worked. I was thinking of the extra lines at the end but I was not thinking about the line end characters.
Thanks once again.
I suppose it should only contain plain text and not any encrypted / hashed form? I tried the hashed form generated by slappasswd but in vain.
If you think there is any other option, please let me know.
-To love is to risk not being loved in return. To hope is to risk pain. To try is to risk failure, but risk must be taken because the greatest hazard in life is to risk nothing.
Thanks,
-Sai
-----Original Message-----
From: SATOH Fumiyasu [mailto:fumiyas@osstech.jp]
Sent: Monday, June 01, 2009 9:10 AM
To: Sai; openldap-technical@openldap.org
Subject: Re: using -y option for ldapsearch
Oops...
At Mon, 01 Jun 2009 22:07:46 +0900, SATOH Fumiyasu wrote:
If the pwdfile contains LF (\x0a) or others, strip it. OpenLDAP ldap* commands use the entire contents in a pwdfile. I think this is a bad design...
Try:
$ (umask 0077; echo -n "DN's password" >pwdfile)
$ ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y pwdfile
or:
$ tr -d '\n' <pwdfile \
  |ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y /dev/stdin
IIRC, older OpenLDAP ldap* commands cannot use /dev/stdin for the -y option.
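
Added example, not part of the original thread or of OpenLDAP: a POSIX shell check for the problem described above, where -y sends every byte of the password file, line-end characters included. The function names pwdfile_check and pwdfile_fix are hypothetical, and pwdfile_fix also strips CR, which goes beyond the tr -d '\n' shown in the message.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not OpenLDAP tooling.

# Print one finding per line for a file meant for -y; return 0 if clean.
pwdfile_check() {
    f=$1; rc=0
    if [ ! -r "$f" ]; then echo "unreadable"; return 1; fi
    # -y uses the entire file, so any CR/LF byte becomes part of the password.
    n=$(tr -cd '\r\n' <"$f" | wc -c | tr -d ' ')
    if [ "$n" -gt 0 ]; then echo "line-end-bytes=$n"; rc=1; fi
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group-or-other-access=$perms"; rc=1
    fi
    return $rc
}

# Rewrite FILE without CR/LF bytes. mktemp creates the temp file with mode
# 0600 in the same directory, so the mv is a rename and the mode is kept.
pwdfile_fix() {
    f=$1
    tmp=$(umask 0077; mktemp "$f.XXXXXX") || return 1
    if tr -d '\r\n' <"$f" >"$tmp"; then
        mv -f "$tmp" "$f"
    else
        rm -f "$tmp"; return 1
    fi
}

# When run with a file argument, check that file; with no argument, do nothing.
[ "$#" -eq 0 ] || pwdfile_check "$1"
```

A clean file prints nothing and returns 0, so the check can gate a script before it calls ldapsearch with -y.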