Allows check_ldap to get password from env variablerefs/pull/1724/head

It's not secure to provide LDAP password through command line option because other users on the same host can see the password in 'ps' command output. This change allows check_ldap to get password from environment variable.
author: Linda Guo <linda.guo@canonical.com> 2021-11-19 02:25:09 (GMT)
committer: Linda Guo <linda.guo@canonical.com> 2021-11-19 08:47:22 (GMT)
commit: f961b7f7bd5d10328bf152cbc015271180165f0f (patch)
tree: 4982a8f7ad60ac18e91d34429a99a01585888340
parent: d6d2254312aede137dcd998a4cdfa26ecd07e379 (diff)
download: monitoring-plugins-f961b7f.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44..845a4f5 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -432,6 +432,9 @@ validate_arguments ()
                set_thresholds(&entries_thresholds,
                        warn_entries, crit_entries);
        }
+        if (ld_passwd==NULL)
+                ld_passwd = getenv("LDAP_PASSWORD");
        return OK;
 }
@@ -465,7 +468,7 @@ print_help (void)
  printf (" %s\n", "-D [--bind]");
  printf ("    %s\n", _("ldap bind DN (if required)"));
  printf (" %s\n", "-P [--pass]");
-  printf ("    %s\n", _("ldap password (if required)"));
+  printf ("    %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
  printf (" %s\n", "-T [--starttls]");
  printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
  printf (" %s\n", "-S [--ssl]");
author	Linda Guo <linda.guo@canonical.com>	2021-11-19 02:25:09 (GMT)
committer	Linda Guo <linda.guo@canonical.com>	2021-11-19 08:47:22 (GMT)
commit	f961b7f7bd5d10328bf152cbc015271180165f0f (patch)
tree	4982a8f7ad60ac18e91d34429a99a01585888340
parent	d6d2254312aede137dcd998a4cdfa26ecd07e379 (diff)
download	monitoring-plugins-f961b7f.tar.gz