[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replica not replicating



Johnny Morano wrote:

Well,
the problem was that in the replica section, i passed with credentials
option, the password encrypted (such credentials={crypt}blabla), while
it had to be the clear text password... cuz of the one encryption
(stupid me!!!). it is replicating now :-D

this raises my second question: since the /etc/openldap/slapd.conf is
world readable, is there a more secure way to set this password in the
credentials option?



Why should slapd.conf be world readable ? Just change it's permissions
and allow
only the user under which slapd runs to read it. Another approach would be
to have GSSAPI (KRB5) authentication and just feed slurpd a  ticket file.
But in turn the ticket file must have proper permission..

hth,
mitu