On Thursday 07 June 2007 01:24:45 Craig wrote:
I need to create a user (or 2) for replication only, but don't
know where to put it or which structural class it should be.
I was thinking about:
No need for shadowAccount.
userPassword: <some pw>
This works, but is this really the best way to create "admin accounts"?
For me, "admin accounts" are accounts used for various tasks related to
server (not necessarily just slapd) maintenance. (Replication is the
only "task" I can think of at the moment.)
Also, I have the following org unit:
I was putting the above DN (cn=Replicator,...) in the root (as opposed
to "ou=People,..."). Does that make sense? Or should I create an ou just
for "admin/misc" accounts?
I created two branches in my tree called "ou=System Groups" and "ou=System
Accounts". These kinds of "users" I put there, and I use the group names in
Lastly, is there a way to give a "non-plain text" password
All of the examples and docs seem to indicate that the credentials
should be the password for the "binddn" in clear text.
Yes. Think about it: it's like a user typing his/her password at a login
prompt. The OpenLDAP server (consumer) is behaving like a regular LDAP client
in this context.
You can get away with it, a bit, if using SASL GSSAPI or perhaps EXTERNAL. But
a secret will always be stored in the machine, be it a password, private key,
keytab file, etc.
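
The point about clear-text credentials, as an added example that is not part of the original thread: the provider can store the replication account's userPassword as a salted {SSHA} hash, but a simple bind only succeeds when the consumer presents the clear text, which is why the consumer's configuration has to hold it. The dc=example,dc=com suffix, the organizationalRole/simpleSecurityObject object classes (the entry in the thread is not shown) and the sample password are assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, presented: str) -> bool:
    """Mimic the provider's check on a simple bind: re-hash the presented clear text."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= 20:  # a SHA-1 digest is 20 bytes; the rest is the salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(presented.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def replicator_ldif(dn: str, password: str) -> str:
    """LDIF for a bind-only account; object classes are an assumption of this example."""
    cn = dn.split(",", 1)[0].split("=", 1)[1]
    return "\n".join([
        f"dn: {dn}",
        "objectClass: organizationalRole",
        "objectClass: simpleSecurityObject",
        f"cn: {cn}",
        f"userPassword: {ssha_hash(password)}",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values: hypothetical suffix and password.
    dn = "cn=Replicator,ou=System Accounts,dc=example,dc=com"
    secret = "constructed-sample-secret"
    stored = ssha_hash(secret)
    print(replicator_ldif(dn, secret))
    print("clear text binds:", ssha_verify(stored, secret))
    print("hash as password binds:", ssha_verify(stored, stored))
```
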