[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP replication 'credentials'

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: OpenLDAP replication 'credentials'
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 07 May 2008 18:50:59 +0200
Cc: openldap-software@openldap.org
In-reply-to: <1igkut7.19oce5jp8nkhdM%manu@netbsd.org>
References: <1igkut7.19oce5jp8nkhdM%manu@netbsd.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9

Emmanuel Dreyfus wrote:

Mark W Apperson <Mark_W_Apperson@raytheon.com> wrote:

We will be using OpenLDAP with TLS, and also plan to use the OpenLDAP
replication as well.

I would like to keep plain text passwords out of config files.  We are
using the '{SSHA}' configuration option for the 'rootdn' configuration
variable.  Is there something similar that I can use for the replication
'credentials'?


What about using certificate authentication? That completely removes the
need for a replication password.

Anyway either the private key has to be stored somewhere 1. in clear or 2. password-protected. 2. would require manual admin interaction during startup. (I don't know whether that's supported at all.)

Ciao, Michael.

Follow-Ups:
- Re: OpenLDAP replication 'credentials'
  - From: manu@netbsd.org (Emmanuel Dreyfus)

References:
- Re: OpenLDAP replication 'credentials'
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: OpenLDAP replication 'credentials'
Next by Date: Migrating from 2.3 to 2.4 branch.
Index(es):
- Chronological
- Thread