I am using curl - u user:password -X post method in shell script to trigger my Jenkins jobs externally. While using this method I am providing my credentials to access Jenkins.
Is there any way to hide or encrypt credentials.?
Curl with -u does not support encrypt username and password but you can do it in different way to hide username and password
Create an environment variable Use that on your curl command like below :
export USERNAME=""
export PASSWORD=""
after that
curl -u $USERNAME:$PASSWORD -X POST ...
Make use of .netrc file with curl command.
curl command option for .netrc file
-n, --netrc Must read .netrc for user name and password
--netrc-file <filename> Specify FILE for netrc
Steps to use .netrc
Create a .netrc file on your home directory (~) with content
machine jenkins.url
login username
password jenkinsTokenOrPassword
invoke curl command
curl -n -X POST ....
Note. If you don't want to keep your .netrc file on your home directory ~ , than place it somewhere else but make sure let curl know about the location like curl --netrc-file /path/to/.netrc -X POST ...
I would like to use wget, curl or even use Perl to download a copy of my projects each night from ShareLatex, but when I look at Network in Chrome, I see it redirects from /login to /projects in a successful login.
Because of the redirect I it flushes the Chrome network debug log, but if I do a wrong login attempt I can see what it sends. See below screenshot.
Question
Can anyone explain how I can figure out which string I should post in order to login?
Is the _csrf header string important?
I have no luck with
curl -s --cookie-jar cookie https://sharelatex.com/login
curl -s --cookie cookie -H 'email: my#email.com' -H 'password: mypw' https://sharelatex.com/login
as it just gives me a failed login screen.
Use -L option in curl:
curl -s -L -H 'email: my#email.com' -H 'password: mypw' https://sharelatex.com/login
I am using cURL command in a shell script. If I use curl with -u login:password option, we can have access to these login and password as they are visible to anyone.
Is there way to make password not clear in script file (or encrypt and decrypt it)?
An example based on Base64:
curl -X GET -k -H 'Authorization: Basic dGVzdDpwYXNzd29yZA==' -i 'https://yoursite.com'
Base64 decoded: test:password
Base64 encoded: dGVzdDpwYXNzd29yZA==
I'm using "curl" to get a webpage which needs username and password.
For some webpages, I can get the page I want with expression like
curl -u myusername:mypassword url -o output.html.
But for some other webpages, I can't get the page I want.
I've tried expressions mentioned above, it seemes the username and the password is not sent with the request.
I also tried expressions like
curl -d"login_username=myusername&login_password=mypassword&action=login&submit=Login" url -o output.html.
The username is sent, but the password is still empty.
By the way, there is a "realm: LDAP" under username & password inputbox.
Does anybody know what is happening? Thanks in advance.
Assuming that a website uses HTTP basic authentication, a verbose mode, with -v option, makes you confirm whether the authentication request is sent or not. If the authentication request is sent, you can see Authorization header as the below.
$ curl -v -u user:password http://foo.example.com/auth/ -o output.html
* About to connect() to x.x.x.x port 3128
* Trying x.x.x.x... connected
* Connected to proxy.example.com (x.x.x.x) port 3128
* Server auth using Basic with user 'user'
> GET http://foo.example.com/auth/ HTTP/1.1
> Authorization: Basic cm9vdDpSaW5nMjAXMA==
The syntax for cURL username & password is :
user,password
and not
user:password
So finally :
curl -s -v -u myusername,mypassword url
I know this is more like a serverfault question than a stackoverflow question, but since serverfault isn't up yet, here I go:
I'm supposed to move an application from one redhat server to another, and without very good knowledge of the internal workings of the application, how would I move the OpenLDAP database from the one machine to the other, with schemas and all.
What files would I need to copy over? I believe the setup is pretty standard.
The problem with SourceRebels' answer is that slapcat(8) does not guarantee that the data is ordered for ldapadd(1)/ldapmodify(1).
From man slapcat (from OpenLDAP 2.3) :
The LDIF generated by this tool is suitable for use with slapadd(8).
As the entries are in database order, not superior first order, they
cannot be loaded with ldapadd(1) without first being reordered.
(FYI: In OpenLDAP 2.4 that section was rephrased and expanded.)
Plus using a tool that uses the backend files to dump the database and then using a tool that loads the ldif through the ldap protocol is not very consistent.
I'd suggest to use a combination of slapcat(8)/slapadd(8) OR ldapsearch(1)/ldapmodify(1). My preference would go to the latter as it does not need shell access to the ldap server or moving files around.
For example, dump database from a master server under dc=master,dc=com and load it in a backup server
$ ldapsearch -Wx -D "cn=admin_master,dc=master,dc=com" -b "dc=master,dc=com" -H ldap://my.master.host -LLL > ldap_dump-20100525-1.ldif
$ ldapadd -Wx -D "cn=admin_backup,dc=backup,dc=com" -H ldap://my.backup.host -f ldap_dump-20100525-1.ldif
The -W flag above prompts for ldap admin_master password however since we are redirecting output to a file you wont see the prompt - just an empty line. Go ahead and type your ldap admin_master password and enter and it will work. First line of your output file will need to be removed (Enter LDAP Password:) before running ldapadd.
Last hint, ldapadd(1) is a hard link to ldapmodify(1) with the -a (add) flag turned on.
ldapsearch and ldapadd are not necessarily the best tools to clone your LDAP DB. slapcat and slapadd are much better options.
Export your DB with slapcat:
slapcat > ldif
Import the DB with slapadd (make sure the LDAP server is stopped):
slapadd -l ldif
Some appointments:
Save your personalized schemas and objectclasses definitions on your new server. You can look for your included files at slapd.conf to obtain it, for example (this is a part of my slapd.conf):
include /etc/ldap/schema/core.schema
Include your personalized schemas and objectclasses in your new openLDAP installation.
Use slapcat command to export your full LDAP tree to a single/various ldif files.
Use ldapadd to import the ldif files on to your new LDAP installation.
I prefer copy the database through the protocol:
first of all be sure you have the same schemas on both servers.
dump the database with ldapsearch:
ldapsearch -LLL -Wx -D "cn=admin,dc=domain" -b "dc=domain" > domain.ldif
and import it in the new server:
ldapmodify -Wx -D "cn=admin,dc=domain" -a -f domain.ldif
in one line:
ldapsearch -LLL -Wx -D "cn=admin,dc=domain" -b "dc=domain" | ldapmodify -w pass -x -D "cn=admin,dc=domain" -a
By using the bin/ldap* commands you are talking directly with the server while using bin/slap* commands you are dealing with the backend files
(Not enough reputation to write a comment...)
Ldapsearch opens a connection to the LDAP server.
Slapcat instead accesses the database directly, and this means that ACLs, time and size limits, and other byproducts of the LDAP connection are not evaluated, and hence will not alter the data. (Matt Butcher, "Mastering OpenLDAP")
Thanks, Vish. Worked like a charm! I edited the command:
ldapsearch -z max -LLL -Wx -D "cn=Manager,dc=domain,dc=fr" -b "dc=domain,dc=fr" >/tmp/save.ldif
ldapmodify -c -Wx -D "cn=Manager,dc=domain,dc=fr" -a -f /tmp/save.ldif
Just added the -z max to avoid the size limitation and the -c to go on even if the target domain already exists (my case).