I have recently started using ejabberd and I am setting up the LDAP module. There is a line {ldap_password, "secret"} where it is asking for my LDAP password in plain text. Is there a way of hiding this, like putting it in another file and then linking to it? I don't feel comfortable just putting my LDAP password in there.
1 Answer
2
Typically you ensure that:
- the config file is not visible by anyone but ejabberd (and root)
- ejabberd has its own credentials for LDAP, which can even be limited to only doing what ejabberd needs to do
A separate file provides no more security than above.
Having a dedicated LDAP user/password for ejabberd means that even if a compromise does happen, you can reset the password and only affect one service. If you do see some random connection in LDAP, it's also a good and simple way to figure out WHAT was compromised.

gregmac
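The first point of the answer as a check, added here as an example (it is not part of the original answer or of ejabberd): a shell function using GNU `stat` that reports whether the file holding the `ldap_password` line is accessible to anyone other than the service account, an optional service group, and root. The config path and the account name `ejabberd` in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit who can read the file holding the ldap_password line.
# Needs GNU stat (-c). Path and account names are supplied by the caller.
#
# audit_secret_file FILE OWNER [GROUP]
#   OWNER and GROUP may be names or numeric ids; root is always accepted as
#   owner. Prints one line per finding; returns 0 only when there are none.
audit_secret_file() {
    file=$1 owner=$2 group=${3:-}
    findings=0

    # A symlink's own mode says nothing about its target, so refuse it.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file"
        return 2
    fi

    # %a octal mode, %U/%u owner name/uid, %G/%g group name/gid
    set -- $(stat -c '%a %U %u %G %g' "$file")
    mode=$1 oname=$2 ouid=$3 gname=$4 ggid=$5

    if [ "$ouid" != 0 ] && [ "$owner" != "$oname" ] && [ "$owner" != "$ouid" ]; then
        echo "FAIL $file: owned by $oname, expected $owner or root"
        findings=$((findings + 1))
    fi
    # Any bit for "other" exposes the password to every local account.
    if [ $((0$mode & 0007)) -ne 0 ]; then
        echo "FAIL $file: mode $mode gives all local users access"
        findings=$((findings + 1))
    fi
    # Group bits are acceptable only for the service's own group.
    if [ $((0$mode & 0070)) -ne 0 ] &&
       [ "$group" != "$gname" ] && [ "$group" != "$ggid" ]; then
        echo "FAIL $file: mode $mode gives group $gname access"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK   $file: mode $mode, owner $oname"
    fi
    return "$findings"
}

# Usage (assumed names): audit_secret_file /path/to/ejabberd-config ejabberd ejabberd
if [ $# -gt 0 ]; then audit_secret_file "$@"; fi
```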