[Pkg-openldap-devel] Bug#241202: ldapmodify does not honor -y option
Russ Allbery
rra at debian.org
Thu May 31 01:16:56 UTC 2007
tags 241202 moreinfo
thanks
This is in response to a Debian bug you filed in 2004. My apologies for
the long delay in responding.
> and I can also perform the following:
>
> cat ldif |ldapmodify -x -D cn=admin,dc=gnuarch,dc=org \
> -w `cat /etc/ldap.secret`
> modifying entry "uid=jblack,ou=People,dc=gnuarch,dc=org"
>
>
> but I can not run the following:
> cat ldif |ldapmodify -x -D cn=admin,dc=gnuarch,dc=org -w \
> -y /etc/ldap.secret
> ldap_bind: Invalid credentials (49)
The behavior of -y and of `cat file` is different. -y uses every byte of
the file as the password, including any trailing newline, whereas
backticks will strip any trailing newline and using backticks like that on
the command line will remove any leading or trailing whitespace.
My guess is that this is working as upstream intended it to and your file
contained whitespace that isn't actually part of your password. This is
somewhat documented in the man page:
-y passwdfile
Use complete contents of passwdfile as the password for simple
authentication.
They really do mean complete.
Could you confirm whether this was the problem that you were having?
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-openldap-devel
mailing list