At Mon, 1 Jun 2009 02:40:57 -0400, Sai wrote:
> ldapsearch -x -h <Machine> -p <port> -s one -D <CN> -b <BASE_DN> -y pwdfile -v "(&(cn=fm*))" cn
The -D option takes DN, not CN.
> I tried the following.
> I tried putting the plaintext password for <CN> in the file and it
> did not work.
If the pwdfile contains LF (\x0a) or others, strip it. OpenLDAP ldap* commands use the entire contents in a pwdfile. I think this is a bad design...
Try:
$ (umask 0077; echo -n "DN's password" >pwdfile)
or:
$ tr -d '\n' <pwdfile | ldapsearch -x -h <Machine> -p <port> -s one -D <DN> -b <BASE_DN> -y /dev/stdin
IIRC, older OpenLDAP ldap* commands cannot use /dev/stdin for the -y option.
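
A way to check an existing -y password file for the trailing-newline problem described above and to rewrite it safely, given as an added example that is not part of the original message. The function names check_pwdfile and write_pwdfile are hypothetical, the password value is constructed, and the code assumes a password never legitimately contains LF or CR.

```shell
# check_pwdfile FILE: report LF/CR bytes and loose permissions.
# Returns 0 if clean, 1 if a problem was found, 2 if unreadable.
check_pwdfile() {
    f=$1
    [ -r "$f" ] || { echo "$f: unreadable"; return 2; }
    rc=0
    # The ldap* tools use the entire file contents as the password, so a
    # newline added by an editor or by plain echo makes the bind fail.
    n=$(tr -cd '\n\r' <"$f" | wc -c | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "$f: contains $n LF/CR byte(s)"
        rc=1
    fi
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case $mode in
        0|*00) ;;   # no group/other permission bits set
        *) echo "$f: mode $mode allows group/other access"; rc=1 ;;
    esac
    return $rc
}

# write_pwdfile FILE: read the password from stdin and store it without
# LF/CR. The old file is removed first because umask only applies to
# newly created files, not to an existing one that is overwritten.
write_pwdfile() {
    ( umask 0077; rm -f -- "$1"; tr -d '\n\r' >"$1" )
}

# Demo on a constructed file: plain echo appends the LF that breaks the bind.
demo=$(mktemp)
echo "constructed-password" >"$demo"
check_pwdfile "$demo" || true
echo "constructed-password" | write_pwdfile "$demo"
check_pwdfile "$demo" && echo "$demo: ok"
rm -f "$demo"
```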