[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4829) slapd-config should create olcDbDirectory
<quote who="hyc@symas.com">
> ghenry@suretecsystems.com wrote:
>> In another step towards 100% remote admin/config, could we store
>> StartTLS
>> certs in the directory for slapd usage, replacing the need for:
>>
>> TLS* config path hardcoding.?
>
> One step at a time...
Sure, I just wanted to have this wish recorded somewhere ;-)
> Ordinarily I would store certs in an entry with the
> same DN as the cert. This would mean creating a directory entry for your
> server name, as well as directory entries for any client certs you wanted
> to
> use. That's probably not the ideal way to go here.
>
> We could store the certs directly, in attributes under cn=config. We could
> also just store DNs in the config attributes, pointing to certs in some
> other
> database entries.
Understood.
>
> --
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
>
>