
Re: replicator account password encrypted and entries are hidden in ldap viewer



On Wed, 17 Aug 2016 14:19:08 +0000,
"Kruger, P (Justid)" <p.kruger@justid.nl> wrote:

> We successfully installed openldap with:
> 
> - Replication
> - Password policy
> 
> After applying config policy with olcPPolicyHashCleartext: TRUE the
> replicator user password gets encrypted with ssha.

wrong attribute, read slapd-config(5) on olcPasswordHash


> Although, according to what I've read, the password with simple bind
> should not be encrypted, it seems that replication still is
> functioning.

The stored Password should be hashed, but as part of a bind operation
the password transport must be cleartext.

> Questions:
> Can anybody tell me if this should be expected to cause a problem?
> How do you handle the replication user and password in regards to
> encrypted passwords?

use TLS, or rely on SASL and DIGEST-MD5.
> 
> Second problem we are facing is that the replication OU and
> underlying account are not visible anymore. With slapcat the OU is
> still visible in the LDIF file, but not in the LDAP viewer. If I'm
> not mistaken, the record is of the type GLUE, which might indicate
> that it is not properly replicated and therefore not visible?

access rules? do you replicate subordinate databases?

[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
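
An added example, not part of the original message or of OpenLDAP's code: a Python sketch of why a simple bind keeps working after the stored userPassword has been hashed with {SSHA}. The client presents the cleartext and the server re-hashes it with the stored salt. The function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Stored form: "{SSHA}" + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, presented: str) -> bool:
    """Bind-time check: re-hash the presented cleartext with the stored salt."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the digest")  # rejected in this sketch
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(presented.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def demo() -> dict:
    secret = "constructed-replicator-secret"   # constructed sample value
    stored = ssha_hash(secret)                 # what the provider keeps in userPassword
    return {
        "cleartext_bind": ssha_verify(stored, secret),      # consumer sends the cleartext
        "hash_as_password": ssha_verify(stored, stored),    # consumer sends the hash string
        "wrong_password": ssha_verify(stored, secret + "x"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'bind succeeds' if ok else 'invalid credentials'}")
```

The second case shows that the consumer's bind credentials must stay the cleartext secret: sending the stored {SSHA} string as the password fails, which is why the transport needs TLS to protect it.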