[Date Prev][Date Next]
Re: (ITS#4829) slapd-config should create olcDbDirectory
> firstname.lastname@example.org wrote:
>> In another step towards 100% remote admin/config, could we store
>> certs in the directory for slapd usage, replacing the need for:
>> TLS* config path hardcoding.?
> One step at a time...
Sure, I just wanted to have this wish recorded somewhere ;-)
> Ordinarily I would store certs in an entry with the
> same DN as the cert. This would mean creating a directory entry for your
> server name, as well as directory entries for any client certs you wanted
> use. That's probably not the ideal way to go here.
> We could store the certs directly, in attributes under cn=config. We could
> also just store DNs in the config attributes, pointing to certs in some
> database entries.
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> Chief Architect, OpenLDAP http://www.openldap.org/project/