0
votes

I have never used TCL before but am needing to use it in order to script commands in a tool we use. I have a bash script running that obtains some information from AD, which it will then pass to the TCL script to use. Here is my bash script, which runs without any issue.

echo "Enter username for LDAP Search"

read USERNAME
export USERNAME

echo "Enter password"

read -s PASSWORD
export PASSWORD

echo "What user do you want to add to Centrify?"
read CENTRIFY_USER
export CENTRIFY_USER


OBJECTSID=$(ldapsearch -H ldap://my.domain.com:389 -D "[email protected]" -w "$PASSWORD" -x -b "DC=my,DC=domain,DC=com" "(&(objectCategory=user)(sAMAccountName=$CENTRIFY_USER))" | grep objectSid | cut -d " " -f2)
SID=$(/home/mydirectory/convert_objectSid_to_sid.sh "$OBJECTSID")

export SID

echo "Adding user to Centrify..."
/home/mydirectory/add_users_to_centrify.sh

"add_users_to_centrify.sh" is the Tcl script that is then called, but I get this error in the Tcl script: error during execution: can't read "USERNAME": no such variable

Here are the contents of that:

#!/bin/sh
# \
exec adedit "$0" ${1+"$@"}
package require ade_lib

puts $env(USERNAME)
puts $env(PASSWORD)
puts $env(SID)
puts $env(CENTRIFY_USER)

bind my.domain.com $USERNAME {$PASSWORD}

Another issue: when the Tcl script is called, all of the arguments I'm passing get printed, including the password. I had thought exporting would be the safest way to do this as it should only set the environment variables for this subshell and not print them. What's happening here?


1 Answer

3
votes

The password is getting printed because you're explicitly printing the password (puts $env(PASSWORD)).

The error seems very clear: there is no variable in the tcl script named USERNAME. You could set one like this (and similarly for PASSWORD):

set USERNAME $env(USERNAME)

Or you could just use the environment variables directly:

# Unbraced: Tcl braces suppress substitution, so {$env(PASSWORD)} would pass that literal text
bind my.domain.com $env(USERNAME) $env(PASSWORD)
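
One way to hand the credentials to the Tcl script without exporting them for the rest of the bash script, added here as an example (not code from the question or the answer). It goes one step beyond the answer by using per-command assignments instead of `export`; `CHILD` is a hypothetical stand-in for the adedit script, and every value is constructed.

```shell
#!/bin/sh
# Added example; every value below is a constructed sample.

# Hypothetical stand-in for the Tcl script: confirms each variable arrived
# and reports the password's length instead of its value.
CHILD='
for name in USERNAME PASSWORD SID CENTRIFY_USER; do
    eval "val=\${$name-}"
    [ -n "$val" ] || { echo "missing: $name" >&2; exit 1; }
    case $name in
        PASSWORD) echo "$name=<set, ${#val} chars>" ;;
        *)        echo "$name=$val" ;;
    esac
done'

# run_scoped USER PASSWORD SID TARGET
# Prefix assignments put the values in the environment of this one command
# only; nothing is exported into the calling shell.
run_scoped() {
    USERNAME=$1 PASSWORD=$2 SID=$3 CENTRIFY_USER=$4 sh -c "$CHILD"
}

# Succeeds if a child started from this shell would inherit PASSWORD.
password_inherited() {
    sh -c '[ -n "${PASSWORD-}" ]'
}

run_scoped svc_ldap 'p w$ord' S-1-5-21-1111-2222-3333-1001 jdoe
if password_inherited; then
    echo "PASSWORD is exported: every later child process receives it"
else
    echo "PASSWORD is not in this shell's exported environment"
fi
```

In the real script the last argument of `sh -c "$CHILD"` would be replaced by the path to the Tcl script, which then reads the values through `$env(...)` as the answer shows.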