Hi,
I inherited a slapd deployment which rebuilds instances from scratch via automation.  All configuration is done by slapadd'ing LDIFs when instances are stood up.  We don't make configuration changes at run time.  When we need to make a change we modify the automation scripts and stand up new instances from scratch.

I noticed that there are olcRootPW entries for the "cn=admin,cn=config" and "cn=admin,dc=ourcompany,dc=com" root DNs in the configuration I inherited, but we don't ever use them explicitly.  In fact the entries are hashes, and I can't even find any uses of the cleartext in our code.

My gut feeling is that I should reset the hashes and discard the cleartext to prevent misuse of these credentials.  Is there any reason not to do this?

Thanks in advance for any insight you can provide.