Hi,
Awesome job on porting OpenLDAP, I really appreciate it.
I'm trying to use the ldap tools with -y to specify a file that contains the simple bind password instead of using -w to put it on the command line. I can't seem to get it to work. I thought maybe the file needed to be in a certain format but changing it to STMLF didn't seem to work for me. What is the trick or is this a bug in the ported code?
For example:
This works:
$ ldapsearch -x "-LLL" "-D" "xxxxxxxx" -w "some_pass_here" samaccountname=some_random_name title
dn: CN=some_random_name,OU=groupname,DC=domain_controller,DC=internal_group_name,DC=net
title: internal_company_position
# refldaps://some_domain_name/DC=DomainDnsZones,DC=domain_controller,DC=internal_group_name,DC=net
But this doesn't:
$ ldapsearch -x "-LLL" "-D" "xxxxxxxx" -y ldap_passwd.txt samaccountname=some_random_name memberOf
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580
The password is in mixed case. I tried putting the password exactly like that in the file and even within double quotes and still no luck.
Any help would be appreciated.
Thanks,
Dave
ldap tools using -y for password file
Last edited by marty.stu on Thu Oct 27, 2022 9:24 am, edited 2 times in total.
Re: ldap tools using -y for password file
Hello Dave,
We fixed a similar problem for password files that were specified as file links in LDIFs. It is possible that in your case it is the same problem.
If so, we will fix it in the near future.
Please check your password file info:
dir/full ldap_passwd.txt
....
Record format: VFC, 2 byte header, maximum 0 bytes, longest 5 bytes
....
If your file's record format is similar to this one, then it is the same problem.
The workaround for this problem is to create a file with the following record format:
Record format: Variable length, maximum 0 bytes, longest 4 bytes
Usually the VFC record format is found in files that were created by PIPE output redirection: PIPE .... > file.txt
If you create the file with an editor, and the problem is the one I described above, the password reading will be OK.
Regards, Eugeny
Re: ldap tools using -y for password file
Hi,
Thanks for the reply. I had created the file with an editor and it now has these attributes:
File organization: Sequential
Shelved state: Online
Caching attribute: Writethrough
File attributes: Allocation: 64, Extend: 0, Global buffer count: 0, Version limit: 3
Record format: Stream_LF, maximum 0 bytes, longest 11 bytes
Record attributes: None
And it is still giving the "Invalid credentials" error...
Regards,
Dave
Added in 1 hour 10 minutes 58 seconds:
Sorry... and these are the original file attributes, which also give the error:
File organization: Sequential
Shelved state: Online
Caching attribute: Writethrough
File attributes: Allocation: 64, Extend: 0, Global buffer count: 0, Version limit: 3
Record format: Variable length, maximum 0 bytes, longest 11 bytes
Record attributes: Carriage return carriage control
Last edited by marty.stu on Thu Oct 27, 2022 9:04 am, edited 1 time in total.
Re: ldap tools using -y for password file
FWIW, I couldn't get the -y <pswd-filename> option to work either; tried all sorts of record formats and record attributes on the password file, but a network trace shows the password sent to the ldap server ends with either a Carriage Return character or CR/LF characters.
There may be some DECC$* feature logical name that helps, but I couldn't figure it out...
Re: ldap tools using -y for password file
In the end we found a file with a record format of Undefined and record attributes of None works with the -y option. Engineering plans to address this in a future release.
$ type undef.fdl
IDENT FDL_VERSION 02 "30-APR-2020 15:41:49 OpenVMS ANALYZE/RMS_FILE Utility"
SYSTEM
SOURCE OpenVMS
FILE
ORGANIZATION sequential
RECORD
FORMAT undefined
$ create/fdl=undef.fdl passwd.dat
$ set file/attrib=rat:none passwd.dat
$ edit/edt passwd.dat
*C
yourpassword
Ctrl/Z
*Exit
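The network trace in the earlier reply (password sent with a trailing CR or CR/LF) and the Undefined/RAT:NONE workaround both come down to the same thing: OpenLDAP's -y uses the complete contents of the file as the password, so any record terminator the file system or editor appends becomes part of the credential. The following diagnostic script is an added example, not code from this thread or from VSI; it assumes the file can be opened in binary mode and shows exactly which bytes a bind would send.

```python
"""Diagnose a simple-bind password file before passing it to ldapsearch -y.

ldapsearch -y sends the complete file content as the password, so a CR or
CR/LF record terminator turns a correct password into a wrong one and the
bind fails with "Invalid credentials (49)".
"""
import sys

# Byte values that a record terminator can leave in the file.
TERMINATORS = {0x0D: "CR", 0x0A: "LF"}


def split_terminators(data: bytes) -> tuple[bytes, bytes]:
    """Split file content into (intended password, trailing CR/LF bytes)."""
    end = len(data)
    while end > 0 and data[end - 1] in TERMINATORS:
        end -= 1
    return data[:end], data[end:]


def diagnose(data: bytes) -> dict:
    """Describe what a bind would actually send for this file content."""
    password, trailing = split_terminators(data)
    # Terminators inside the password body also break the bind, and they
    # would not be visible in a plain directory listing.
    embedded = [TERMINATORS[b] for b in password if b in TERMINATORS]
    return {
        "sent_length": len(data),           # bytes ldapsearch -y would send
        "password": password,               # what the user intended to send
        "trailing": [TERMINATORS[b] for b in trailing],
        "embedded": embedded,
        "ok": not trailing and not embedded,
    }


def check_file(path: str) -> dict:
    """Read in binary mode so no text-layer newline translation hides the problem."""
    with open(path, "rb") as fh:
        return diagnose(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_file(sys.argv[1]))
    else:
        # Constructed samples: a clean file and the CR/LF-terminated content
        # seen in the network trace above (password value is made up).
        for sample in (b"Secr3tPass", b"Secr3tPass\r\n"):
            print(diagnose(sample))
```

A file that reports `"ok": True` sends exactly the intended bytes; anything listed under `trailing` or `embedded` is what the server compared against the real password.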