Johnny Morano wrote:
Well, the problem was that in the replica section, i passed with credentials option, the password encrypted (such credentials={crypt}blabla), while it had to be the clear text password... cuz of the one encryption (stupid me!!!). it is replicating now :-D
this raises my second question: since the /etc/openldap/slapd.conf is world readable, is there a more secure way to set this password in the credentials option?
Why should slapd.conf be world readable ? Just change it's permissions and allow only the user under which slapd runs to read it. Another approach would be to have GSSAPI (KRB5) authentication and just feed slurpd a ticket file. But in turn the ticket file must have proper permission..
hth, mitu