Pass LDAP password filename instead of password itself in *user scripts
This ensures the LDAP password doesn't show up in the process table. I was an idiot when I wrote the original code.
parent
8934c273ba
commit
f66983313f
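--- a/adduser
+++ b/adduser
@@ -58,8 +58,7 @@ gidNumber: {uid}'''
 f.write(ldif)
 
 # Add user
-ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me', '-w',
-open('/etc/ldappass', 'r').read(), '-f', filename])
+ret = call(['ldapadd', '-D', 'cn=Manager,dc=exozy,dc=me', '-y', '/etc/ldappass', '-f', filename])
 if ret != 0:
 return
 remove(filename)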
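Review bot: The early `return` after a failed `ldapadd` appears to skip `remove(filename)`, so the generated LDIF stays on disk whenever the add fails. Indentation is lost on this page, but `remove(filename)` directly after `return` can only be reached if it sits outside the `if`. The hunk shows only `gidNumber` from the LDIF template; if the file also carries a password attribute, a leftover copy undoes part of what this commit is protecting. Moving `remove(filename)` to directly above `if ret != 0:` (or wrapping the call in `try`/`finally`) cleans up on both paths. The enclosing function and the creation of `filename` are outside the hunk.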
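--- a/deluser
+++ b/deluser
@@ -10,7 +10,7 @@ def deluser(username):
 """Delete a user"""
 
 # Delete from LDAP server
-run(['ldapdelete', '-w', open('/etc/ldappass', 'r').read(), '-D', 'cn=Manager,dc=exozy,dc=me',
+run(['ldapdelete', '-y', '/etc/ldappass', '-D', 'cn=Manager,dc=exozy,dc=me',
 'uid=' + username + ',ou=People,dc=exozy,dc=me', 'cn=' + username + ',ou=Group,dc=exozy,dc=me'])
 
 # Cleanup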
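Review bot: The two entry DNs on the `'uid=' + username + ',ou=People,...'` line are built by plain string concatenation, so a `username` containing DN separators or other special characters would name a different entry than the one intended. The command runs bound as `cn=Manager`, so the value deserves a strict check before it reaches `ldapdelete`. A guard at the top of `deluser`, such as `if not re.fullmatch(r'[a-z_][a-z0-9_-]*', username): raise ValueError('invalid username')`, would close this off. The same concatenation appears in moduser at `dn = 'uid=' + username + ',ou=People,dc=exozy,dc=me'`. Where `username` comes from is outside these hunks, so how exposed this is depends on the callers.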
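--- a/moduser
+++ b/moduser
@@ -15,8 +15,7 @@ def moduser(username):
 environ['EDITOR'] = 'micro'
 
 if username == 'Manager':
-run(['ldapvi', '-w', open('/etc/ldappass', 'r').read(),
-'--user', 'cn=Manager,dc=exozy,dc=me'])
+run(['ldapvi', '-y', '/etc/ldappass', '--user', 'cn=Manager,dc=exozy,dc=me'])
 else:
 dn = 'uid=' + username + ',ou=People,dc=exozy,dc=me'
 run(['ldapvi', '--user', dn, '--base', dn])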