Needing “manager” access to an OpenLDAP LDAP directory server from a
machine on which I didn’t want to have a password lying around, I set up
slapd to allow the EXTERNAL SASL mechanism using a certificate. That means,
of course, that the user of that client machine is de facto manager, but at
least she doesn’t need to know the password. I’ve updated my documentation on
using the EXTERNAL mechanism, hoping it will be of use to somebody. Oh,
and in case I’ve never said that before: OpenLDAP rocks! :-)
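
A minimal configuration for the kind of setup described above, as an added example that is not taken from the author's documentation. The file paths, host name, certificate subject and directory DNs are placeholders assumed for illustration.

```conf
# ---- Server side: slapd.conf (constructed example, placeholder values) ----

# CA that issued the client certificate, plus the server's own cert and key
TLSCACertificateFile    /etc/ldap/tls/ca.pem
TLSCertificateFile      /etc/ldap/tls/server.pem
TLSCertificateKeyFile   /etc/ldap/tls/server.key

# Require a client certificate that chains to the CA above; without a
# verified certificate there is no identity for SASL EXTERNAL to use.
TLSVerifyClient         demand

# The directory's manager identity (placeholder DN)
rootdn                  "cn=Manager,dc=example,dc=com"

# With SASL EXTERNAL over TLS, the authentication identity is the subject
# DN of the client certificate. Map exactly one subject to the manager DN.
# Anchor the pattern with ^ and $ so that no other certificate issued by
# the same CA can match it.
authz-regexp
    "^cn=admin-client,ou=hosts,o=example$"
    "cn=Manager,dc=example,dc=com"

# ---- Client side: ~/.ldaprc of the administering user (constructed) ----

URI         ldap://ldap.example.com
TLS_CACERT  /etc/ldap/tls/ca.pem
# TLS_CERT and TLS_KEY are user-only options: they are ignored in the
# system-wide ldap.conf and must be set in ~/.ldaprc or the environment.
TLS_CERT    /home/admin/.ldap/admin-client.pem
# Anyone who can read this key can bind as the manager: keep it mode 0600
# and owned by the one account that is meant to have that access.
TLS_KEY     /home/admin/.ldap/admin-client.key
SASL_MECH   EXTERNAL

# ---- Check the mapping from the client ----
# ldapwhoami -ZZ -Y EXTERNAL
# Expected reply when the mapping applies:
#   dn:cn=Manager,dc=example,dc=com
# If the reply is the certificate subject instead, the authz-regexp pattern
# did not match the form of the DN that slapd sees.
```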