Bug 1374439

Summary: ds_removal and ds_unregister should support prompting for password
Product: Red Hat Directory Server Reporter: Viktor Ashirov <vashirov>
Component: AdminAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 10.0CC: nhosoi
Target Milestone: DS10.1   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-admin-1.1.45-1.el7dsrv Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-07 15:40:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Viktor Ashirov 2016-09-08 16:20:24 UTC
Description of problem:

ds_removal and ds_unregister take password only from command line:
Usage: /usr/sbin/ds_removal [-f] -s server_id -w admin_password

Admin password can be saved to shell history or can be seen in the process list. 
We should avoid that.

Version-Release number of selected component (if applicable):
389-admin-1.1.44-1.el7dsrv.x86_64.rpm

Comment 2 Viktor Ashirov 2016-09-29 19:12:55 UTC
Build tested:
389-admin-1.1.45-1.el7dsrv.x86_64

Usage info and man page show new option:

[root@rhel7ds ~]# ds_removal 
Error: Directory Server identifier is missing. Administration user password is missing.
Usage: /usr/sbin/ds_removal [-f] -s server_id -w admin_password | -w -
       server_id: Directory server identifier; slapd-<server_id>
       admin_password: Administration user password
       -f - force - optional - ignore errors and force removal of as much as possible

[root@rhel7ds ~]# man ds_removal
...
       -w password
              Required - password - the password for the console admin user.  If password is '-', prompt for the password.
...

[root@rhel7ds ~]# ds_removal -s rhel7ds-2 -w -
Enter Admin Password: 
[root@rhel7ds ~]# echo $?
0

The same goes for ds_unregister.

Marking as VERIFIED.

Comment 4 errata-xmlrpc 2016-11-07 15:40:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2665.html