I don't think you gain any special advantages by encrypting (or not) in a slapd.conf context versus any other encryption application. Like most password encryption, it largely boils down to speed bumps in the face of a preexisting access vector.
On Tue, 13 Nov 2007, Peter Clark wrote:
Heh, thanks for the warning about the rootpw. I used an example of one from the internet. :)
If you cannot supply an encrypted password in the credentials= field and you have both the rootpw= and credentials= visible in the slapd.conf does it serve any purpose for encrypting the rootpw in the slapd.conf? Or is there another purpose to encrypting it other than to stop someone from parsing the file and getting it?
I hope that makes sense.
-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/