From b76f383eefe961e8a2f42ac782031e3e09ff7192 Mon Sep 17 00:00:00 2001
From: Oliver Liebel <oliver@itc.li>
Date: Mon, 8 Sep 2008 14:39:54 +1000
Subject: Use DIGEST-MD5 authentication for OpenLDAP replication

This avoids passing rootdn passwords or replicated data in cleartext
across the network.

Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
---
 source4/setup/mmr_syncrepl.conf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'source4/setup/mmr_syncrepl.conf')

diff --git a/source4/setup/mmr_syncrepl.conf b/source4/setup/mmr_syncrepl.conf
index 3a207b2d13..1373858c4e 100644
--- a/source4/setup/mmr_syncrepl.conf
+++ b/source4/setup/mmr_syncrepl.conf
@@ -5,7 +5,8 @@ syncrepl rid=${RID}
 	searchbase="${MMRDN}"
 	type=refreshAndPersist
 	retry="10 +"
-	bindmethod=simple
-	binddn="CN=Manager,${MMRDN}"
+	bindmethod=sasl
+	saslmech=DIGEST-MD5
+	authcid="replicator"
 	credentials="${MMR_PASSWORD}"
 
-- 
cgit