When passing a password from stdin, it may contain an extra trailing newline. This causes the error "ldap operation failed: failed to bind as user", which is very misleading. However, the real issue is that it accepted the newline as part of the password.
To Reproduce
Note: while echo/printf are used here for ease of reproduction, this applies to anything that could pipe the password to stdin, like a password manager.
Steps to reproduce the behavior:
$ echo mypassword | vault login -method=ldap username=myuser password=-
Error authenticating: Error making API request.
URL: PUT https://vault.s.voidlinux.org/v1/auth/ldap/login/abby
Code: 400. Errors:
* ldap operation failed: failed to bind as user
Thank you for submitting this request! Please note that you can also use echo -n in order to echo without a newline.
For others who are interested in this, please stick a 👍 on this issue. We’re currently developing an internal process to review and prioritize requests.
As I mentioned in the original report, echo was just for demonstration purposes, I'm not actually passing my password in plaintext with echo...
classabbyamp changed the title on May 1, 2023:
from: "ldap operation failed: failed to bind as user" when password contains trailing newline
to: misleading error "ldap operation failed: failed to bind as user" when password contains trailing newline
This issue would be a delicate balance between not introducing unexpected data transformations in places that could break things for people, and making the CLI useful for ad-hoc use.
Unfortunately there probably is no single choice of behaviour that will make everyone happy here. It's possible that leaving things as is might be the least worst compromise.
Describe the bug
When passing a password from stdin, it may contain an extra trailing newline. This causes the error "ldap operation failed: failed to bind as user", which is very misleading. However, the real issue is that it accepted the newline as part of the password.
To Reproduce
Steps to reproduce the behavior:
This is made clear by using -output-curl-string:
Expected behavior
login from stdin works as intended:
Environment:
vault status: 1.12.1
vault version: 1.13.0
Vault server configuration file(s):
I am just a user, I did not set up this vault server.
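Added example, not part of the original issue or of Vault's code: POSIX shell helpers that make the trailing newline visible and drop exactly one of them before the password reaches the login command from the report. The function names are hypothetical; only the `vault login -method=ldap username=... password=-` invocation comes from the issue.

```shell
#!/bin/sh
# Added example: inspect and normalise a password piped on stdin.
# All function names below are hypothetical helpers, not Vault features.

# Hex-dump stdin so an invisible trailing 0a (newline) becomes visible.
stdin_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# Succeed only if the last byte on stdin is a newline.
ends_with_newline() {
    [ "$(tail -c 1 | od -An -v -tx1 | tr -d ' \n')" = "0a" ]
}

# Copy stdin to stdout, dropping exactly one trailing newline if present.
# A plain "$(cat)" would strip *all* trailing newlines, silently changing a
# secret that really ends in one, so a sentinel "x" is appended inside the
# command substitution and removed again afterwards.
strip_one_trailing_newline() {
    data=$(cat; printf x)
    data=${data%x}
    nl='
'
    data=${data%"$nl"}
    printf '%s' "$data"
}

# Wrapper around the command from the report: normalise, then log in.
# $1 is the LDAP username; the password is read from this function's stdin.
vault_ldap_login() {
    strip_one_trailing_newline |
        vault login -method=ldap username="$1" password=-
}
```

Piping the password source through `stdin_hex` first shows whether the bytes Vault would receive end in `0a`; `vault_ldap_login myuser` then sends them with that single newline removed.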