[Date Prev][Date Next] [Chronological] [Thread] [Top]

best practice: admin accounts?

To: openldap-software@openldap.org
Subject: best practice: admin accounts?
From: Craig <craig5@pobox.com>
Date: Wed, 06 Jun 2007 21:24:45 -0700
User-agent: Thunderbird 2.0.0.0 (X11/20070326)

I need to create a user (or 2) for replication only, but don't really know where to put it or which structural class it should be.

I was thinking about:
   dn: uid=Replicator,dc=example,dc=com
   objectClass: top
   objectClass: account
   objectClass: shadowAccount
   userPassword: <some pw>
   uid: Replicator

This works, but is this really the best way to create "admin accounts"?

For me, "admin accounts" are accounts used for various tasks related to server (not necessarily just slapd) maintenance. (Replication is the only "task" I can think of at the moment.)

Also, I have the following org unit:
   dn: ou=People,dc=example,dc=com
   ou: People
   objectClass: top
   objectClass: organizationalUnit

I was putting the above DN (cn=Replicator,...) in the root (as opposed to "ou=People,..."). Does that make sense? Or should I create an ou just for "admin/misc" accounts?

Lastly, is there a way to give a "non-plain text" password for the syncrel user: syncrepl rid=123 ... bindmethod=simple binddn="cn=Replicator,dc=example,dc=com" credentials={SSHA}<encrypted string>

All of the examples and docs seem to indicate that the credentials should be the password for the "binddn" in clear text.

TIA!
Craig

Follow-Ups:
- Re: best practice: admin accounts?
  - From: Andreas Hasenack <ahasenack@terra.com.br>

Prev by Date: Re: index an attribute makes it unusable in a filter
Next by Date: Re: chain-overlay question
Index(es):
- Chronological
- Thread