0

I have never used TCL before but am needing to use it in order to script commands in a tool we use. I have a bash script running that obtains some information from AD, which it will then pass to the TCL script to use. here is my bash script which runs without any issue.

echo "Enter username for LDAP Search"

read USERNAME
export USERNAME

echo "Enter password"

read -s PASSWORD
export PASSWORD

echo "What user do you want to add to Centrify?"
read CENTRIFY_USER
export CENTRIFY_USER


OBJECTSID=`ldapsearch -H ldap://my.domain.com:389 -D "$USERNAME@MY.REALM.COM" -w $PASSWORD -x -b "DC=my,DC=domain,DC=com" "(&(objectCategory=user)(sAMAccountName=$CENTRIFY_USER))" | grep objectSid | cut -d " " -f2`
SID=`/home/mydirectory/convert_objectSid_to_sid.sh $OBJECTSID`

export SID

echo "Adding user to Centrify..."
/home/mydirectory/add_users_to_centrify.sh

"add_users_to_centrify.sh" is the tcl script that is then called, but I get the error error during execution: can't read "USERNAME": no such variable in the tcl script.

Here are the contents of that:

#!/bin/sh
# \
exec adedit "$0" ${1+"$@"}
package require ade_lib

puts $env(USERNAME)
puts $env(PASSWORD)
puts $env(SID)
puts $env(CENTRIFY_USER)

bind my.domain.com $USERNAME {$PASSWORD}

Another issue, when the tcl script is called, all of the arguments I'm passing get printed, including the password. I had thought exporting would be the safest way to do this as it should only set the environment variables for this subshell and not print them. What's happening here?

Josh
  • 718
  • 2
  • 15
  • 38

1 Answers1

3

The password is getting printed because you're explicitly printing the password (puts $env(PASSWORD)).

The error seems very clear: there is no variable in the tcl script named USERNAME. You could set one like this (and similarly for PASSWORD):

set USERNAME $env(USERNAME)

Or you could just use the environment variables directly:

bind my.domain.com $env(USERNAME) {$env(PASSWORD)}
larsks
  • 277,717
  • 41
  • 399
  • 399
  • 1
    @Josh `puts` outputs strings (useful for debugging, but often removed once things are working), `set` sets variables. We try to use “obvious” names bearing in mind that we're lazy too (so `expr` evaluates expressions but is shorter to write), but what's obvious to us isn't obvious to everyone. Obviously… – Donal Fellows Jun 14 '18 at 16:30
  • @DonalFellows Makes sense to me now! I must admit I pulled the variable manipulation code from someone else using environment variables in their tcl script so I didn't dig into the documents and assumed based on the naming. Didn't know the set command existed until this answer. Probably should have RTFM... – Josh Jun 14 '18 at 18:35