Re: (ITS#4829) slapd-config should create olcDbDirectory

ghenry@suretecsystems.com wrote:
> In another step towards 100% remote admin/config, could we store StartTLS
> certs in the directory for slapd usage, replacing the need for:
> TLS* config path hardcoding?

One step at a time... Ordinarily I would store certs in an entry with the 
same DN as the cert. This would mean creating a directory entry for your 
server name, as well as directory entries for any client certs you wanted to 
use. That's probably not the ideal way to go here.

We could store the certs directly, in attributes under cn=config. We could 
also just store DNs in the config attributes, pointing to certs in some other 
database entries.

   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   Chief Architect, OpenLDAP     http://www.openldap.org/project/