Thanks Mike and Zdenek,
I fought with the server team all the way up in the hierarchy. Unfortunately, we are subcontractors providing them a solution. I wish I can make them understand the reality. I think redhat stopped at 2.2 for RHEL4 and they are providing 2.3 for RHEL5.
So the bottom line is that any ldap client should provide clear text passwords. Be it in config file or command line.
Thanks for the clarification guys. I really appreciate it.
-To love is to risk not being loved in return. To hope is to risk pain. To try is to risk failure, but risk must be taken because the greatest hazard in life is to risk nothing.
Thanks,
-Sai
-----Original Message----- From: openldap-technical-bounces+bangaru.adabala=gmail.com@OpenLDAP.org [mailto:openldap-technical-bounces+bangaru.adabala=gmail.com@OpenLDAP.org] On Behalf Of Zdenek Styblik Sent: Friday, July 10, 2009 3:01 PM To: Michael Ströder Cc: openldap-technical@openldap.org Subject: Re: bindmethod and credentials in slurpd replication.
Michael Ströder wrote:
Zdenek Styblik wrote:
Michael Ströder wrote:
Sai wrote:
But when defining replica, I got the following questions.
For credentials, can I use hashed password like for rootpw
No, credentials have to provided in clear since slurpd is a LDAP client to the slave.
a bit off topic, but is this also valid for 2.4.x series?
slurpd is not available in 2.4.x anymore.
I'm sorry, I just took this as common.
perhaps SALS would allow hashed passwords?
No. E.g. SASL bind DIGEST-MD5 needs the clear-text password in the config(!) to be able to generate the hash over the challenge value and the clear-text password. A hash is transmitted over wire though.
Yep. But I've meant hashed password in config (and so did Sai). I was just curious, if I haven't overlooked something :)
Thanks! Zdenek