Writing Join-scripts: Access to the bind credentials




I want to write a joinscript for ucc. How can I use the join credentials (username and password passed to univention-join)? Really with “bind-dn” and “bind-password”? It seems not to be a bash variable …

Kind regards,



if you want to use the credentials to call udm, you can just pass “$@” to the udm call, as can be seen in many UCS joinscripts. Also, have a look at our documentation how to write join scripts.

If you want to parse that information from the joinscript call parameters into bash variables, you can use this snippet to have them available in the binddn and bindpwd, which is also used in the 45univention-join.inst UCC joinscript:

eval $(echo "$@" | sed -n 's/.*--binddn \(.*\) --bindpwd \(.*\).*/binddn="\1"\nbindpwd="\2"/p')


Many thanks, that is I’ve looked for.

to make it clear: “$binddn” is the full LDAP DN or only the username? I need only the username. So I would parse it as follow:

binduser=$(echo $binddn| awk -F',' '{print $1}' | awk -F'=' '{print $2}')


Hi, the binddn is the whole DN, e.g. uid=Administrator,cn=users,$ldap_base. Your command to parse the DN for the username works in my test.