From 73e87f8f45c82f40c473f821cec17822d4fb7ba5 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Sun, 19 Apr 2020 13:01:39 +0200 Subject: [PATCH] Improve LDAP example command We should not log passwords in bash history files. This change will prompt the user for the password instead. --- doc/ldap.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/ldap.md b/doc/ldap.md index 1e3c80c..7ebe26f 100644 --- a/doc/ldap.md +++ b/doc/ldap.md @@ -1,6 +1,6 @@ -# LDAP (389 Directory Server). +# LDAP (389 Directory Server) -## Credentials +## Credentials The admin account is `cn=Directory Manager` with the password stored in the encrypted data bag `admin_password` item @@ -9,8 +9,8 @@ encrypted data bag `admin_password` item $ knife data bag show credentials dirsrv --secret-file .chef/encrypted_data_bag_secret ``` -## Example search: +## Example search (will prompt for password): ``` -$ ldapsearch -x -w $password -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org" -v +$ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org" -v ```