summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinda Guo <linda.guo@canonical.com>2021-11-19 02:25:09 (GMT)
committerLinda Guo <linda.guo@canonical.com>2021-11-19 08:47:22 (GMT)
commitf961b7f7bd5d10328bf152cbc015271180165f0f (patch)
tree4982a8f7ad60ac18e91d34429a99a01585888340
parentd6d2254312aede137dcd998a4cdfa26ecd07e379 (diff)
downloadmonitoring-plugins-f961b7f7bd5d10328bf152cbc015271180165f0f.tar.gz
Allows check_ldap to get password from env variablerefs/pull/1724/head
It's not secure to provide LDAP password through command line option because other users on the same host can see the password in 'ps' command output. This change allows check_ldap to get password from environment variable.
-rw-r--r--plugins/check_ldap.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44..845a4f5 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -432,6 +432,9 @@ validate_arguments ()
432 set_thresholds(&entries_thresholds, 432 set_thresholds(&entries_thresholds,
433 warn_entries, crit_entries); 433 warn_entries, crit_entries);
434 } 434 }
435 if (ld_passwd==NULL)
436 ld_passwd = getenv("LDAP_PASSWORD");
437
435 return OK; 438 return OK;
436} 439}
437 440
@@ -465,7 +468,7 @@ print_help (void)
465 printf (" %s\n", "-D [--bind]"); 468 printf (" %s\n", "-D [--bind]");
466 printf (" %s\n", _("ldap bind DN (if required)")); 469 printf (" %s\n", _("ldap bind DN (if required)"));
467 printf (" %s\n", "-P [--pass]"); 470 printf (" %s\n", "-P [--pass]");
468 printf (" %s\n", _("ldap password (if required)")); 471 printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
469 printf (" %s\n", "-T [--starttls]"); 472 printf (" %s\n", "-T [--starttls]");
470 printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); 473 printf (" %s\n", _("use starttls mechanism introduced in protocol version 3"));
471 printf (" %s\n", "-S [--ssl]"); 474 printf (" %s\n", "-S [--ssl]");