Description of problem: ds_removal and ds_unregister take password only from command line: Usage: /usr/sbin/ds_removal [-f] -s server_id -w admin_password Admin password can be saved to shell history or can be seen in the process list. We should avoid that. Version-Release number of selected component (if applicable): 389-admin-1.1.44-1.el7dsrv.x86_64.rpm
Build tested: 389-admin-1.1.45-1.el7dsrv.x86_64 Usage info and man page show new option: [root@rhel7ds ~]# ds_removal Error: Directory Server identifier is missing. Administration user password is missing. Usage: /usr/sbin/ds_removal [-f] -s server_id -w admin_password | -w - server_id: Directory server identifier; slapd-<server_id> admin_password: Administration user password -f - force - optional - ignore errors and force removal of as much as possible [root@rhel7ds ~]# man ds_removal ... -w password Required - password - the password for the console admin user. If password is '-', prompt for the password. ... [root@rhel7ds ~]# ds_removal -s rhel7ds-2 -w - Enter Admin Password: [root@rhel7ds ~]# echo $? 0 The same goes for ds_unregister. Marking as VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2665.html