Re: replication credentials
I've had mixed results including encrypted replication passwords. In
fact, I've read messages that say you CANNOT encrypt the replication
credentials. YMMV. If you're worried about "anyone who can read the
slapd.conf file", set its permissions as 0750 root:ldap and trust the
filesystem. Nobody's in the ldap group but the ldap user, probably
created by your package installer.

The details of a secure (TLS) replication environment are plastered all
over the list archives. I posted my entire config a couple months ago
personally. It's an extremely active subject. I'd recommend some time
in the archives to anybody who needs hands-on documentation of a number
of successful "secure environment" deployments.

Gary LaVoy wrote:
Is it possible to put an encrypted password in the slapd.conf for the
replication account? It doesn't seem to like this statement:
and putting a clear text password in means that I expose an account that
basically has manager access to anyone who can read the slapd.conf file. So in
that case I might as well use the manager account for replication itself.
so what is the recommended way to set up a reasonably secure replication
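
A check for the file-permission approach suggested in the reply above, added here as an example that is not part of either message: it reports whether a slapd.conf-style file is accessible to "other", whether owner and group match what is expected, and whether the group has supplementary members who could also read it. The function name `audit_conf` is hypothetical, and GNU `stat` and `getent` are assumed to be available.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and getent.
# Usage: audit_conf /path/to/slapd.conf root ldap

# audit_conf PATH OWNER GROUP
# Prints one finding per line; returns 0 when nothing is found, 1 otherwise.
audit_conf() {
    path=$1 want_owner=$2 want_group=$3 rc=0

    [ -f "$path" ] || { echo "missing: $path"; return 1; }

    mode=$(stat -c '%a' "$path")    # octal mode, e.g. 750
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")

    # The last octal digit is the permission set for "other".
    other=${mode#"${mode%?}"}
    if [ "$other" != "0" ]; then
        echo "world-accessible: mode $mode"; rc=1
    fi
    [ "$owner" = "$want_owner" ] || { echo "owner is $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "group is $group, expected $want_group"; rc=1; }

    # Field 4 of the group entry lists supplementary members; each of them
    # can read a group-readable file. Assumption: the service account has
    # the same name as its group (ldap/ldap), so that name is not flagged.
    members=$(getent group "$group" | cut -d: -f4)
    for m in $(echo "$members" | tr ',' ' '); do
        [ "$m" = "$group" ] || { echo "extra member of $group: $m"; rc=1; }
    done
    return $rc
}
```
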