1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1108711: ldapvi: please provide option to read bind password from f

    From Ansgar@1:229/2 to All on Thu Jul 3 18:10:02 2025
    From: [email protected]

    Package: ldapvi
    Version: 1.7-11.1+b1
    Severity: wishlist
    Tags: upstream
    X-Debbugs-Cc: [email protected]

    Hi,

    ldapvi has an option to pass the bind password via a command-line
    parameter:

    -w, --password SECRET Password (also valid for SASL).

    However passing credentials in this way is often insecure as other
    local users/processes can see command-line parameters of all running
    programs.

    It would be great if one could ask ldapvi to use the contents of a
    file as the password, similar to OpenLDAP's command-line utilities
    (ldapsearch & others):

    -y passwdfile
    Use complete contents of passwdfile as the password for simple authentication.

    If this was implemented, one could pass credentials from a password
    manager to ldapvi in a more secure fashion without having to manually
    paste it at the right time. (I have convenience wrappers around
    ldapsearch to invoke it with `-y $(password-manager)` so it just
    works.)

    Ansgar

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From [email protected]@21:1/5 to All on Tue Jul 15 17:30:02 2025
    Hello,

    This feature already exists in upstream since 2007 (commit bda806b0c31121765323a791f6e56faf4c4fdf0a¹). Using the exact option Ansgar is suggesting!

    The reason why it isn't present in Debian yet, looks to be that this commit isn't in any release of ldapvi as the last one was from 2007 also.

    Could we get this feature in Debian please?

    ¹ https://github.com/wtsi-hgi/ldapvi/commit/bda806b0c31121765323a791f6e56faf4c4fdf0a

    Cheers,
    - Brice Waegeneire

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)