[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4829) slapd-config should create olcDbDirectory



<quote who="hyc@symas.com">
> ghenry@suretecsystems.com wrote:
>> In another step towards 100% remote admin/config, could we store
>> StartTLS
>> certs in the directory for slapd usage, replacing the need for:
>>
>> TLS* config path hardcoding.?
>
> One step at a time...

Sure, I just wanted to have this wish recorded somewhere ;-)


> Ordinarily I would store certs in an entry with the
> same DN as the cert. This would mean creating a directory entry for your
> server name, as well as directory entries for any client certs you wanted
> to
> use. That's probably not the ideal way to go here.
>
> We could store the certs directly, in attributes under cn=config. We could
> also just store DNs in the config attributes, pointing to certs in some
> other
> database entries.

Understood.

>
> --
>    -- Howard Chu
>    Chief Architect, Symas Corp.  http://www.symas.com
>    Director, Highland Sun        http://highlandsun.com/hyc
>    Chief Architect, OpenLDAP     http://www.openldap.org/project/
>
>
>