--On Tuesday, March 19, 2019 12:43 PM -0400 Bob Hund
My gut feeling is that I should reset the hashes and discard the
cleartext to prevent misuse of these credentials. Is there any reason
not to do this?
You have a few options:
a) Use slappasswd to generate a hash of the password rather than using a
b) Do something like debian & redhat do, and use SASL/EXTERNAL plus a
regexp map for the local "root" user to be able to be the rootdn, and have
no password value set
c) Or just delete it entirely. I'd suggest (a) or (b) instead, in case you
ever needed elevated privileges that are not subject to ACLs.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: