ldapsearch in monitoring script without bind password written in script
Post 302558012 by Corona688 on Thursday 22nd of September 2011 01:39:35 PM
Well, for starters, your password's probably visible to anyone on the system who cares to run ps aux right now. (or whatever ps options for your system show the commandline parameters.) Putting it in a file nixes that.

As for file permissions, you could make the file owned by ldap or something and set 600, so only that user (or root) can read it. Then don't let anyone log in to that account. And use sudo to run ldapsearch as that special user.

Nobody can get the password file unless they jump through your hoops, and the one way they're allowed to use it won't hand them the contents.

It won't be protected from root, of course. If the program needs to be given the password as plaintext, you can't protect the password from root, period.

Last edited by Corona688; 09-22-2011 at 02:48 PM..
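
The setup this post describes, as an added example that is not part of the original post: a wrapper meant to be run through sudo as the dedicated account, which refuses to use the password file unless its permissions are tight and then passes it to OpenLDAP's ldapsearch with -y. The account names (ldapmon, monitor), paths, DNs, server URI and exit codes are assumed placeholders.

```shell
#!/bin/sh
# Added example. Assumed names: service account "ldapmon", calling account
# "monitor", wrapper path /usr/local/bin/ldap-check, example.org DNs and URI.
#
# One-time setup as root:
#   useradd -r -s /sbin/nologin ldapmon
#   install -d -o ldapmon -g ldapmon -m 700 /etc/ldapmon
#   printf '%s' 'PLACEHOLDER' > /etc/ldapmon/bindpw   # no trailing newline
#   chown ldapmon:ldapmon /etc/ldapmon/bindpw && chmod 600 /etc/ldapmon/bindpw
# sudoers entry (edit with visudo); "" means the wrapper takes no arguments:
#   monitor ALL=(ldapmon) NOPASSWD: /usr/local/bin/ldap-check ""
# The monitoring job then runs:  sudo -u ldapmon /usr/local/bin/ldap-check

PWFILE=${PWFILE:-/etc/ldapmon/bindpw}

# Return 0 only if the file is safe to hand to ldapsearch -y.
pwfile_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -s "$f" ] ||
        { echo "not a regular, non-empty file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $f" >&2; return 1; }
    [ -O "$f" ] || { echo "$f is not owned by the invoking user" >&2; return 1; }
    # -y uses the complete file contents as the password, newline included.
    [ "$(tail -c 1 "$f" | wc -l)" -eq 0 ] ||
        { echo "$f ends with a newline" >&2; return 1; }
}

ldap_check() {
    pwfile_ok "$PWFILE" || return 3    # assumed convention: 3 = unknown
    # -y keeps the password out of argv, so it never appears in ps output.
    ldapsearch -x -LLL -H ldaps://ldap.example.org \
        -D 'cn=monitor,dc=example,dc=org' -y "$PWFILE" \
        -b 'dc=example,dc=org' -s base '(objectClass=*)' dn >/dev/null ||
        return 2                       # assumed convention: 2 = critical
}

# Run the check only when executed as the installed wrapper.
case ${0##*/} in ldap-check) ldap_check; exit $? ;; esac
```
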
 

MONITOR(8)                  System Manager's Manual                  MONITOR(8)

NAME
       monitor - Directory Server script for monitoring database performance

SYNOPSIS
       monitor [ -Z serverID ] [ -D rootdn ] [ -w password ] [ -b basedn ] [-P protocol] [-h]

DESCRIPTION
       Retrieves performance monitoring information. To run this script, the server must be running.

OPTIONS
       A summary of options is included below:

       -Z Server Identifier
              The server ID of the Directory Server instance. If there is only one instance on the system, this option can be skipped.

       -D Root DN
              The Directory Manager DN, or root DN. If not specified, the script will search the server instance configuration for the value.

       -w password
              The rootdn password.

       -b basedn
              The DN of a backend from cn=config.

       -P Protocol
              The connection protocol to connect to the Directory Server. Protocols are STARTTLS, LDAPS, LDAPI, and LDAP. If this option is skipped, the most secure protocol that is available is used. For LDAPI, AUTOBIND is also available for the root user.

       -h     Display the usage.

EXAMPLE
       monitor -P STARTTLS

       Note: security must be enabled to use protocol STARTTLS. If STARTTLS is not available it will default to next strongest/available protocol automatically.

       monitor -Z instance2 -D 'cn=directory manager' -w password -b 'cn=monitor,cn=userRoot,cn=ldbm database,cn=plugins,cn=config'

       Note: You only need to bind as the root DN if you want to look at a backend monitor.

DIAGNOSTICS
       Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error.

AUTHOR
       monitor was written by the 389 Project.

REPORTING BUGS
       Report bugs to http://bugzilla.redhat.com.

COPYRIGHT
       Copyright (C) 2013 Red Hat, Inc.

Mar 5, 2013                                                          MONITOR(8)