[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP replication 'credentials'

To: openldap-software@openldap.org
Subject: OpenLDAP replication 'credentials'
From: Mark W Apperson <Mark_W_Apperson@raytheon.com>
Date: Wed, 7 May 2008 07:33:11 -0500
Importance: Normal
In-reply-to:
References:

We will be using OpenLDAP with TLS, and also plan to use the OpenLDAP
replication as well.

I would like to keep plain text passwords out of config files.  We are
using the '{SSHA}' configuration option for the 'rootdn' configuration
variable.  Is there something similar that I can use for the replication
'credentials'?

I considered using SASL, but SASL passwords are stored in plain text in the
SASL password database, so that would just move the problem to a different
file.

I unsuccessfully tried using the '{SSHA}' configuration option for the
replication 'credentials'.

Is there a way to hash or encrypt the replication credentials without using
SASL?

Thanks in advance of any replies,

Mark

Follow-Ups:
- Re: OpenLDAP replication 'credentials'
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: OpenLDAP replication 'credentials'
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: slapd seg faults
Next by Date: Re: Schemas and back-config
Index(es):
- Chronological
- Thread