[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP replication 'credentials'

Emmanuel Dreyfus wrote:
Mark W Apperson <Mark_W_Apperson@raytheon.com> wrote:

We will be using OpenLDAP with TLS, and also plan to use the OpenLDAP
replication as well.

I would like to keep plain text passwords out of config files.  We are
using the '{SSHA}' configuration option for the 'rootdn' configuration
variable.  Is there something similar that I can use for the replication

What about using certificate authentication? That completely removes the need for a replication password.

Anyway either the private key has to be stored somewhere 1. in clear or 2. password-protected. 2. would require manual admin interaction during startup. (I don't know whether that's supported at all.)

Ciao, Michael.