Description of problem:
Auth MIQLDAP - miqldap_to_sssd conversion script puts admin password in sssd.conf file. Plain text password is stored in sssd.conf under ldap_default_authtok key. I wouldn't think this password would be available, as I'd expect it would be hashed in the database to begin with. The file is owned by root:root with 600 perms. But I'd argue it's still bad form to have plain text passwords in text files, especially what is probably an auth domain admin password.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure MIQLDAP
2. Run miqldap_to_sssd conversion
LDAP admin password is stored in /etc/sssd/sssd.conf
This should not be required.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1573509
SSSD requires the authtok to be in plain text in the /etc/sssd/sssd.conf file
From the SSSD-LDAP(5) man page:
The authentication token of the default bind DN. Only clear text
passwords are currently supported.
There is an optional SSSD package, sssd-tools, that does have some
support for some SSSD password obfuscation through the command
SSS_OBFUSCATE(8). It is a package we do not ship. I will update the
miqldap_to_sssd blog post to include a mention of SSS_OBFUSCATE(8)
for users that want to take advantage of it.
manageiq.org isn't downstream documentation. Changing the component to Documentation so downstream documentation can be reviewed and updated as needed.
(In reply to Satoe Imaishi from comment #5)
> manageiq.org isn't downstream documentation. Changing the component to
> Documentation so downstream documentation can be reviewed and updated as
At the moment the only place the miqldap_to_sssd conversion script is documented is in the manageiq.org blog post.
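
An added example, not part of the original bug thread and not ManageIQ or SSSD code: a Python check that flags sssd.conf domains whose ldap_default_authtok is stored as a clear-text password and confirms the file is not accessible to group or other. The sample config, its domain names and the function name audit_sssd_conf are constructed for illustration; ldap_default_authtok_type is the sssd-ldap option that marks a token as obfuscated_password.

```python
import configparser
import os
import stat

# Constructed sample config (not taken from any real system).
SAMPLE = """\
[sssd]
domains = example.test, obfuscated.test
services = nss, pam

[domain/example.test]
id_provider = ldap
ldap_uri = ldaps://ldap.example.test
ldap_default_bind_dn = cn=admin,dc=example,dc=test
ldap_default_authtok = Constructed%Passw0rd

[domain/obfuscated.test]
id_provider = ldap
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = CONSTRUCTED-OBFUSCATED-BLOB
"""

def audit_sssd_conf(path):
    """Return findings about bind-password storage in an sssd.conf file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The bug report notes the file is root:root 600; flag anything looser.
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o} allows group/other access")
    # interpolation=None so a '%' inside a password is not treated as syntax.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(path)
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if not cp.has_option(section, "ldap_default_authtok"):
            continue
        # sssd-ldap defaults the token type to "password" (clear text).
        tok_type = cp.get(section, "ldap_default_authtok_type", fallback="password")
        if tok_type.strip() == "password":
            # Report the section only; never echo the token value.
            findings.append(f"[{section}] ldap_default_authtok is a clear-text password")
    return findings

if __name__ == "__main__":
    for line in audit_sssd_conf("/etc/sssd/sssd.conf"):
        print(line)
```

A token written by sss_obfuscate is obfuscated rather than encrypted and can be reversed, so the file-mode finding matters for both token types.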