ndsbackup – provide encryption password in script
Dear MF community,
I have a question concerning the usage of ndsbackup utility for eDirectory with attribute encryption enabled:
Red Hat Enterprise Linux 7.6
eDirectory 9.1.4 v40105.10
TSA Backup utility for NetIQ eDirectory 9.1.4 v40105.02
The ndsbackup man page shows the following info on using the -E switch to backup objects with encrypted attributes:
Prompts for password to encrypt or decrypt backup data if any attributes are marked for encryption. If you do not use this option and if you have attributes marked for encryption, the backup/restore fails with the "Requires a Password" error.
We use a daily cron for our backup routine (doing dsbk and ndsbackup) and therefore need to pass the password in the script. What is the supposed syntax to privide a password for the -E switch when exucuted in the backup script?
The following statement results in ndsbackup printing the supposed usage and exiting ([PWD] being the provided password value) :
$BINDIR/ndsbackup cvf $BACKUPDIR/$t_thisfile1.ndsbak -a $USERNAME -p passstore -E [PWD] --config-file $CONFIGFILE >> /tmp/$APPNAME-$BACKUPTYPE-NDS.log 2>&1
Does anyone know how to properly pass the required encryption password here? Or is it necessary to utilize ndspassstore, similar to the syntax for the user credentials?
Many thanks and best regards,
Re: ndsbackup – provide encryption password in script
for those interested...
Opened a SR on the topic and got the following response:
At the moment, there does not seem to be a "proper way” of passing the <password> “argument” when using the -E switch. The mentioned behaviour might be a limitation in the utility and/or the MAN page is written ambiguously in this regard.
A bug has been filed by support and engineering will give feedback on the issue. I will you keep you posted…