Thanks, Michael. So the ldap backend acting as a client needs cleartext credentials; I see that now. Is there some conventional way to provide the cleartext password to slapd-ldap without exposing it in the slapd.conf file?
You could use the cn=config backend, then it would be in slapd.d or whatever you named it. But it is still going to exist on-disk.
--Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration