From bd4aaf1d72537a74c383a26e10df140be43b7559 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 19 Jan 1999 23:10:47 +0000
Subject: [PATCH] Import slapd.conf and ldap.conf changes from -devel Mainly
 comment on 'read' privs and provide references to man pages

---
 doc/man/man5/slapd.conf.5   | 5 ++++-
 libraries/libldap/ldap.conf | 3 +++
 servers/slapd/slapd.conf    | 6 ++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
index a53a3c41bf..3d7831293d 100644
--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -238,7 +238,10 @@ Specify the DN of an entry that is not subject to access control
 or administrative limit restrictions for operations on this database.
 .TP
 .B rootpw <password>
-Specify a password for the rootdn.
+Specify a password (or hash of the password) for the rootdn.
+This option accepts all password formats known to the server
+including \fB{SHA}\fP, \fB{MD5}\fP, \fB{CRYPT}\fP, and cleartext.  
+Cleartext passwords are not recommended.
 .TP
 .B suffix <dn suffix>
 Specify the DN suffix of queries that will be passed to this 
diff --git a/libraries/libldap/ldap.conf b/libraries/libldap/ldap.conf
index b3d3a6646d..28ca7f5d76 100644
--- a/libraries/libldap/ldap.conf
+++ b/libraries/libldap/ldap.conf
@@ -2,6 +2,9 @@
 # LDAP Defaults
 #
 
+# See ldap.conf(5) for details
+# This file should be world readable.
+
 BASE	dc=OpenLDAP, dc=Org
 HOST	ldap.openldap.org
 
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 901e569382..80e121d300 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -1,3 +1,7 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
 include		%SYSCONFDIR%/slapd.at.conf
 include		%SYSCONFDIR%/slapd.oc.conf
 schemacheck	off
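Review bot: The new header comment says the file should not be world readable but gives neither the reason nor the expected permissions, so an administrator cannot tell what is at stake. The reason is visible further down the same file: it carries the `rootpw` value for the rootdn, which slapd.conf(5) describes as not subject to access control. I would spell that out, e.g. `# This file should NOT be world readable: it holds the rootdn password (rootpw).`, and name the intended owner and mode. The comment is advisory only; nothing in this patch sets the mode at install time, so check that the install rule (not shown here) creates the file with restrictive permissions.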
@@ -14,3 +18,5 @@ directory	/usr/tmp
 rootdn		"cn=root, dc=your-domain, dc=com"
 #rootdn		"cn=root, o=Your Organization Name, c=US"
 rootpw		secret
+# cleartext passwords, especially for the rootdn, should
+# be avoid.  See slapd.conf(5) for details.
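Review bot: The sample still ships an active `rootpw		secret` on the line directly above the added warning, so a server started from this file unchanged has a publicly known password on the rootdn, and the comment alone does not change that. Consider shipping the directive commented out, or with an obviously non-functional placeholder such as `#rootpw		{SHA}<placeholder-hash>`, relying on the hashed formats the slapd.conf.5 hunk in this same patch documents. That way an administrator has to choose a value before the rootdn can bind with a password. The added comment also has a typo: `# be avoid.` should read `# be avoided.  See slapd.conf(5) for details.`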
-- 
GitLab