Our organization requires SSL for access to our ldap server. When I set up our LDAP server in Mac OS X's Contacts application, I am able to search just fine for people in our organization. However, using the command line app ldapsearch doesn't seem to work.
The problem is that our organization, while using SSL, does not require a username or a password. I can't seem to get ldapsearch to not require a password.
Here's the command I'm using:
ldapsearch -H ldaps://ldap.example.com -b "" -s base "objectclass=*"
SASL/DIGEST-MD5 authentication started
Please enter your password:
Here is the contents of my /etc/openldap/ldap.conf
HOST ldap.example.com
PORT 636
TLS_REQCERT never
Here are the settings that work just fine in Mac OS X's Contacts application, and don't require a username or password:
What's the correct ldapsearch concoction to use for this server?
You need the -x option. Try something like:
ldapsearch -x -H ldaps://ldap.example.com -b "ou=people,dc=examplelabs,dc=com" -s sub "objectclass=inetorgperson"
Related
I had to automate my postgre database backup. As instructed by my software vendor I am trying to use pg_dump.exe (see below) file to take a backup but that prompts me for password.
.\pg_dump.exe -h localhost -p 4432 -U postgres -v -b -F t -f "C:\Backup\Backup.tar" Repo
So googled and found that as per "https://www.postgresql.org/docs/9.6/libpq-pgpass.html" I can create a pgpass.conf file within 'C:\Users\User1\AppData\Roaming\postgresql\pgpass.conf" which I did.
Then I tried to pass data of pgpass.conf file to env variable before executing my pg_dump command. But it is not working. Still I am getting prompt to enter password. This is the content of pgpass.conf file: *:*:*:postgres:password
Below is the code I am trying in PowerShell,
$Env:PGPASSFILE="C:\Users\User1\AppData\Roaming\postgresql\pgpass.conf"
cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin"
.\pg_dump.exe -h localhost -p 4432 -U postgres -v -b -F t -f "C:\Backup\Backup.tar" Repo
Why am I still being asked for password?
When I type following code $Env:AppData I get following response "C:\Users\User1\AppData\Roaming"
Everywhere there are guidance on how to use it in UNIX or command prompt but not in powershell. Any help is appreciated. Also if you could direct me how to secure this password file then it will be great.
With password prompt I cannot automate it with windows task scheduler.
I suspect you have a suitable solution, however, as a quick (and not secure) workaround via the command prompt, you can use the variable PGPASSWORD to hold the password then run the backup script.
A sample might be something like:
SET PGPASSWORD=password
cd "C:\Program Files\Qlik\Sense\Repository\PostgreSQL\9.6\bin" pg_dump.exe -h localhost -p 4432 -U postgres -b -F t -f "d:\qs_backup\QSR_backup.tar" QSR
Rod
I have yet to get the damned thing to work yet, but I did find this:
-w
--no-password Never issue a password prompt. If the server requires password authentication and a password is not available by other means
such as a .pgpass file, the connection attempt will fail. This option
can be useful in batch jobs and scripts where no user is present to
enter a password.
I don't see a -w parameter in your call to pg_dump
I used pg_hba file to allow connection "trust" this is riskier method but I had to get things done ASAP. Thank you for your time and effort
I want to use the tool cntlm to authenticate via basic authentication against our corporate proxy server, which uses the ntlm protocol.
CNTLM uses a cntlm.conf file to get your proxy authentication credentials.
If you don't want to use your password in plain text, you can generate hashes with the command. (That's what I want!)
cntlm -u <user> -d <domain> -f -H.
The problem here is, that we use a rolling password policy here and I want to write a bash script for automating the hash generation, inserting in the config file and restarting the cntlm service.
Unfortunately the above shown command generates the password hashes interactively and I couldn't find a way to wrap this in a bash script.
I am a bash scripting newbie though and could use some advice here ;)
For my cntlm version (0.92.3) a simple echo pipe works like charm:
echo "PASSWORD" | cntlm -u USER -d DOMAIN -f -H
I am trying to use cURL in the Command Prompt, but I dont understand where I have problems. I have been told that I need to configure a proxy tothe Command Prompt so that it can access the sites I am calling on.
This is what I want to run: curl -glob "api.fda.gov/drug/event.json?&search=receivedate:[20040101+TO+20150101]&limit=1"
I have cURL installed, but always face errors because it is not connecting. Is there a simple way to set up a proxy for/through the Command Prompt in Windows 7?
I also do not have admin rights, so I cannot change the system settings.
You can set your proxy using a set command in windows:
set http_proxy=http://<yourproxyaddress>:<port>
Then you can connect your curl requests to external sites.
Some proxies require specific authentication headers to be set, so be aware of those as well. In my case, it's --proxy-ntlm in the example below:
curl -x webproxy.net:8080 -U usernaname:password http://google.com --proxy-ntlm
But there're other options:
--proxy-digest and --proxy-negotiate
Lastly, cURL has a super friendly doc page, so be sure to check it out.
I use OpenDS package ( This is a very great LDAP soft) and I've got tiny problem with an option of ldappasswordmodify command
:~# ldappasswordmodify --version
OpenDS Directory Server 2.2.0
Build 20091123144827Z
--
Name Build number Revision number
Extension: snmp-mib2605 2.2.0 6181
~# ldappasswordmodify -h localhost -D "cn=Directory Manager" -w - -a "dn:uid=user,ou=People,dc=acme,dc=org"An error occurred while attempting to connect to the Directory Server: The
simple bind attempt failed
:~# ldappasswordmodify -h localhost -D "cn=Directory Manager" -w xxxxxxx -a "dn:uid=user,ou=People,dc=acme,dc=org"
The LDAP password modify operation was successful
Generated Password: F8F2R1W6V
I did research and I found this on the Oracle Site :
http://docs.oracle.com/cd/E19623-01/820-6171/ldappasswordmodify.html
-w, --bindPassword bindPassword
Use the bind password when authenticating to the directory server. This option can be used for simple authentication as well as password-based SASL mechanisms. This option must not be used in conjunction with --bindPasswordFile. To prompt for the password, type -w -.
What I did wrong?
Thank for your help.
I found this line working :
:~# read -s A ; ldappasswordmodify -h localhost -D "cn=Directory Manager" -w $A -a "dn:uid=user,ou=People,dc=acme,dc=org"
The LDAP password modify operation was successful
Generated Password: F8F2R1W6V
Thanks anyway
My goal is to be able to fire off a command without having to be prompted for my password. Is there any way to achieve this from the windows command line? In Linux I feel I could send the password to standard in or something, but I am not sure if I could do this for windows.
Thanks!
There are two ways:
Set environment variable PGPASSWORD e.g. set PGPASSWORD=yoursecretpassword
Use password file %APPDATA%\postgresql\pgpass.conf as described in documentation
Within password file (my location is C:\Users\Grzesiek\AppData\Roaming\postgresql\pgpass.conf) use specified in doc format. For example to connect database postgres as role postgres on local 5432 server add:
localhost:5432:postgres:postgres:12345
I checked this and it works well (for me), but don't use 127.0.0.1).
Another handy option (specially if your PG server runs in your own client machine, and if this does not poses any security problem for you) is to allow login without password in the server ("trust" authentication mode).
For example, this line in pg_hba.conf (in your DATA dir, a typical location: C:\Program Files\PostgreSQL\9.0\data\ ) grants access without password from your local machine.
host all all 127.0.0.1/32 trust
Then, connect with
psql.exe -h 127.0.0.1 -U postgres -w [YOUR_DB_NAME]
I know it is an old question but for anyone looking like I was, it is hard to find a solution for windows. stick this in a .bat file and it will work (at least for me it did). change director to postres directory, set environment variable PGPASSWORD execute copy command to a csv file and then clear environment variable, then go back to root directory.
cd C:\Program Files\PostgreSQL\9.5\bin\
set PGPASSWORD=yourpassword
psql -d databasename -U yourusername -w -c "\COPY (select * from yourtable) TO 'c:/Users/yourdirectory/yourcsvfilename.csv' DELIMITER '|' CSV HEADER;"
set PGPASSWORD=
cd c:\
I realize this question is a bit old now, but I believe there is a better means for secure, password-free PostgreSQL logon on Windows - SSPI.
Create a local or domain user account and PostgreSQL login with the same name.
In pg_ident.conf, create a mapping:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
SSPI username#AUTHORITY loginname
Replace username with the Windows user name (this is the sAMAccountName attribute for domain accounts), and replace AUTHORITY with the computer name or short domain name. If you're not sure what to use for AUTHORITY, check the PostgreSQL log file. For a local account, this will be the computer name; for a domain account, it's probably the short domain name. Lastly, replace loginname with the PostgreSQL login name (to reduce confusion, I would recommend using the same name for both username and loginname).
In pg_hba.conf, allow the logon; e.g.:
# TYPE DATABASE USER ADDRESS METHOD
host all loginname 127.0.0.1/32 sspi map=SSPI
host all loginname ::1/128 sspi map=SSPI
If a domain account, set a SPN for it; e.g.:
setspn -S POSTGRES/serverfqdn username
Now you can log onto Windows using the specified username and run psql.exe, etc. without needing a password.
Steps:
First ENviroment Var PGPASSWORD
C:\Windows\system32>set PGPASSWORD=clave
before
psql -d basededatos -U usuario
Ready,
I got it working in Postgres 15 with:
psql -U postgres -h 127.0.0.1 -p 54322 -f some_file password=postgres
J
If you're able to use Powershell, you can set environment variables inline, similar to bash.
This should work:
$Env:PGPASSWORD='your-pass'; psql -U postgres
Note the semicolon between setting the variable and actual command, this is important since those are inline but two separate commands.
I found another useful solution that worked for me on this link. It basically sets the PGPASSWORD at the beginning of your command like this:
PGPASSWORD=PASSWORD psql YOUR_CODE