[Date Prev][Date Next]
Re: (ITS#4829) slapd-config should create olcDbDirectory
> In another step towards 100% remote admin/config, could we store StartTLS
> certs in the directory for slapd usage, replacing the need for:
> TLS* config path hardcoding.?
One step at a time... Ordinarily I would store certs in an entry with the
same DN as the cert. This would mean creating a directory entry for your
server name, as well as directory entries for any client certs you wanted to
use. That's probably not the ideal way to go here.
We could store the certs directly, in attributes under cn=config. We could
also just store DNs in the config attributes, pointing to certs in some other
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/