7 May
2008
7 May
'08
9:50 a.m.
Emmanuel Dreyfus wrote:
Mark W Apperson Mark_W_Apperson@raytheon.com wrote:
We will be using OpenLDAP with TLS, and also plan to use the OpenLDAP replication as well.
I would like to keep plain text passwords out of config files. We are using the '{SSHA}' configuration option for the 'rootdn' configuration variable. Is there something similar that I can use for the replication 'credentials'?
What about using certificate authentication? That completely removes the need for a replication password.
Anyway either the private key has to be stored somewhere 1. in clear or 2. password-protected. 2. would require manual admin interaction during startup. (I don't know whether that's supported at all.)
Ciao, Michael.