aboutsummaryrefslogtreecommitdiff
path: root/plugins/check_ldap.c
diff options
context:
space:
mode:
authorGravatar Linda Guo <linda.guo@canonical.com> 2021-11-19 13:25:09 +1100
committerGravatar Linda Guo <linda.guo@canonical.com> 2021-11-19 19:47:22 +1100
commitf961b7f7bd5d10328bf152cbc015271180165f0f (patch)
tree4982a8f7ad60ac18e91d34429a99a01585888340 /plugins/check_ldap.c
parentd6d2254312aede137dcd998a4cdfa26ecd07e379 (diff)
downloadmonitoring-plugins-f961b7f7bd5d10328bf152cbc015271180165f0f.tar.gz
Allows check_ldap to get password from env variable
It's not secure to provide LDAP password through command line option because other users on the same host can see the password in 'ps' command output. This change allows check_ldap to get password from environment variable.
Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r--plugins/check_ldap.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44c..845a4f52 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -432,6 +432,9 @@ validate_arguments ()
set_thresholds(&entries_thresholds,
warn_entries, crit_entries);
}
+ if (ld_passwd==NULL)
+ ld_passwd = getenv("LDAP_PASSWORD");
+
return OK;
}
@@ -465,7 +468,7 @@ print_help (void)
printf (" %s\n", "-D [--bind]");
printf (" %s\n", _("ldap bind DN (if required)"));
printf (" %s\n", "-P [--pass]");
- printf (" %s\n", _("ldap password (if required)"));
+ printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
printf (" %s\n", "-T [--starttls]");
printf (" %s\n", _("use starttls mechanism introduced in protocol version 3"));
printf (" %s\n", "-S [--ssl]");