Thank you for sharing the test case, SASL/EXTERNAL is working.
Thank you, it is working by enabling bindmethod=sasl and saslmech=external in
olcSyncrepl configuration.
--On Friday, March 8, 2024 5:42 PM + mbala...@opentext.com wrote:
How to configure olcSyncrepl without a plaintext password? I tried using
credentials="{SSHA256}jRlrKRCcrhYo7SqbPDc5WkoSxaHc8y/e0DPWaAnveUkQpQ7wEOW
hsw==" format. Does olcSyncrepl accepts password in {SSHA256} format?
Hi mbalakri,
May I politely suggest that you try it yourself and see?
Chris Paul | https://www.rexconsulting.net
> -Original Message-
> From: mbala...@opentext.com
> Sent: Friday, March 8, 2024 10:56 AM
> To: openldap-technical@openldap.org
> Subject: Re: Configure repl
Christopher Paul,
https://www.openldap.org/faq/data/cache/1504.html, are you talking about this
configuration?
To: Ben Poliakoff
Cc: mbala...@opentext.com ;
openldap-technical@openldap.org
Subject: Re: Configure replication without a plaintext password.
Ben,
I would like to use GSSAPI for my replication. Would you be willing to share
how you went about it?
Thanks,
Brendan
Ben,
I would like to use GSSAPI for my replication. Would you be willing to
share how you went about it?
Thanks,
Brendan
On Fri, Mar 8, 2024, 1:05 PM Ben Poliakoff wrote:
> You definitely won't be able to use a password hash as a credential for
> syncrepl. A hash is a one way function so you
You definitely won't be able to use a password hash as a credential for
syncrepl. A hash is a one way function so you can't readily drive the
password from it (except via exhaustive brute force).
To avoid storing a clear text password in your config, you'll need to use
another mechanism such as