[Date Prev][Date Next] [Chronological] [Thread] [Top]

olcTLSCACertificateFile and olcTLSCertificateFile displayed as encrypted?

To: OpenLDAP Technical <openldap-technical@openldap.org>
Subject: olcTLSCACertificateFile and olcTLSCertificateFile displayed as encrypted?
From: Jean-Francois Malouin <Jean-Francois.Malouin@bic.mni.mcgill.ca>
Date: Wed, 26 Sep 2018 16:11:53 -0400
Content-disposition: inline
Mail-followup-to: OpenLDAP Technical <openldap-technical@openldap.org>
User-agent: Mutt/1.5.21 (2010-09-15)

Hi,

Not a very important question, just a little puzzled by this...
Is there a reason why the olcTLSCACertificateFile and olcTLSCertificateFile
paths show up as encrypted in this cn=config search?

slapd 2.4.46 on Debian 9.5 (Stretch)

ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b 'cn=config' -s base
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: stats
olcLogLevel: sync
olcPidFile: /var/run/slapd/slapd.pid
olcServerID: 1
olcTLSCACertificateFile:: IC9ldGMvbGRhcC9zc2wvQ09NT0RPX0NBX2J1bmRsZS5jcnQ=
olcTLSCertificateFile:: ICAgL2V0Yy9sZGFwL3NzbC9TVEFSX2JpY19tbmlfbWNnaWxsX2NhLmNydA==
olcTLSCertificateKeyFile: /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.key
olcTLSCipherSuite: NORMAL
olcTLSVerifyClient: allow
olcToolThreads: 1

There is an extra ':' ...

When I edit/display the cn=config with ldapvi (old fart here!) they show up as:

olcTLSCACertificateFile:;  /etc/ldap/ssl/COMODO_CA_bundle.crt
olcTLSCertificateFile:;    /etc/ldap/ssl/STAR_bic_mni_mcgill_ca.crt

again, notice the ';' this time...

Just curious!

Thanks,
jf

Follow-Ups:
- Re: olcTLSCACertificateFile and olcTLSCertificateFile displayed as encrypted?
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: olcTLSCACertificateFile and olcTLSCertificateFile displayed as encrypted?
  - From: Michael Wandel <m.wandel@t-online.de>

Prev by Date: Re: issues with equality matching and slapd death
Next by Date: Re: issues with equality matching and slapd death
Index(es):
- Chronological
- Thread