From 8822d1c7be9cfe2783f886922a778410bacd93cc Mon Sep 17 00:00:00 2001
From: Thomas Backlund <tmb@mageia.org>
Date: Sun, 22 Nov 2015 00:26:54 +0100
Subject: openldap: enable TLS_CACERT

---
 modules/pam/templates/openldap.ldap.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/pam/templates/openldap.ldap.conf b/modules/pam/templates/openldap.ldap.conf
index 7461d160..2e1c513c 100644
--- a/modules/pam/templates/openldap.ldap.conf
+++ b/modules/pam/templates/openldap.ldap.conf
@@ -18,7 +18,7 @@ TLS_REQCERT     allow
 # Use the default self-signed cert generated by openldap-server postinstall
 # by default 
 #TLS_CACERT      /etc/pki/tls/certs/ldap.pem
-#TLS_CACERT     /etc/ssl/openldap/ldap.mageia.org.pem
+TLS_CACERT     /etc/ssl/openldap/ldap.<%= domain %>.pem
 
 # If requiring support for certificates signed by all CAs (noting risks
 # pam_ldap if doing DNS-based suffix lookup etc.
-- 
cgit v1.2.1