phpldapadmin & clear text cookies
After installing openldap I needed a tool to manage it. I did some searching and it seems that phpldapadmin is the most popular one. I've installed that and set auth_type='cookie' in the config file. Now when I connect, my browser stores cookies containing my dn and password, both in clear text. The cookies expire and are removed when the session is ended, but still, I don't feel 100% comfortable. Would it be more secure to use auth_type='session' instead, or would I just be moving the clear text login / password from the client to the server?
Also, would anyone recommend a different tool to administer an openldap directory?