Friday, February 24, 2012

Glassfish 3 Password Alias

In the previous post, there is a function to change admin authentication from local to Active Directory. It works great, but the password for the service account performing Active Directory lookups is in plain text. Security best practices say that the password should be hidden.

1) Add the following line to the password file located at /tmp/password. This file needs to be created manually to automate the GF install.
AS_ADMIN_ALIASPASSWORD=thepassword

2) Add the password to Glassfish's secure password store
/opt/AppSrv/glassfish3/glassfish/bin/asadmin -W /tmp/password --secure create-password-alias ldapbind

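3) Set the search-bind-password field. That "\" is quite important (lots of time spent trying to get that to work): inside double quotes it stops the shell from expanding ${ALIAS=ldapbind} itself, so asadmin receives the alias reference literally.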
/opt/AppSrv/glassfish3/glassfish/bin/asadmin -W /tmp/password set server.security-service.auth-realm.admin-realm.property.search-bind-password="\${ALIAS=ldapbind}"

Restart Glassfish and delete /tmp/password
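
The three steps above as one script, plus a side-by-side of what the shell hands to asadmin with and without the backslash. This is an added example, not part of the original post: the helper names and the mktemp-based password file (mode 0600, random name, instead of a fixed /tmp/password) are assumptions; the asadmin path, options and property name are the ones used above.

```sh
#!/bin/sh
# Added example, not from the original post. Helper names are assumptions.
ASADMIN=${ASADMIN:-/opt/AppSrv/glassfish3/glassfish/bin/asadmin}   # path from the post
PROP=server.security-service.auth-realm.admin-realm.property.search-bind-password

# Step 1, hardened: write the password file with mode 0600 under an
# unpredictable name instead of a fixed, guessable /tmp/password.
make_password_file() (
    umask 077
    f=$(mktemp "${TMPDIR:-/tmp}/gfpass.XXXXXX") || exit 1
    printf 'AS_ADMIN_ALIASPASSWORD=%s\n' "$1" > "$f" || exit 1
    printf '%s\n' "$f"
)

# With the backslash, the shell passes the literal ${ALIAS=ldapbind} token,
# which GlassFish resolves from its password store.
escaped_arg() {
    unset ALIAS
    printf '%s' "$PROP=\${ALIAS=ldapbind}"
}

# Without it, ${ALIAS=ldapbind} is shell parameter expansion: ALIAS is unset,
# so the shell substitutes the default and asadmin receives plain "ldapbind".
unescaped_arg() {
    unset ALIAS
    printf '%s' "$PROP=${ALIAS=ldapbind}"
}

# Steps 2 and 3 from the post; the password file is removed when the script exits.
apply_alias() {
    pwfile=$(make_password_file "$1") || return 1
    trap 'rm -f "$pwfile"' EXIT
    "$ASADMIN" -W "$pwfile" --secure create-password-alias ldapbind &&
    "$ASADMIN" -W "$pwfile" set "$(escaped_arg)"
}

if [ "${1:-}" = "--apply" ]; then
    # Read the bind password from stdin so it never appears in argv or history.
    IFS= read -r secret && apply_alias "$secret"
else
    printf 'escaped:   %s\n' "$(escaped_arg)"
    printf 'unescaped: %s\n' "$(unescaped_arg)"
fi
```

Run without arguments it only prints the two argument forms; with --apply it reads the bind password from standard input and runs steps 2 and 3, after which Glassfish still needs the restart.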
