path: root/modules/pam/templates/openldap.ldap.conf
blob: a2a3efab619438dd2978c4a21452e0e038f24360 (plain)
#BASE   dc=example, dc=com 
#HOST   ldap.example.com ldap-master.example.com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15 
#DEREF          never

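# SSL/TLS configuration. With CA-signed certs, TLS_REQCERT should be
# "demand", with the CA certificate accessible via TLS_CACERT or TLS_CACERTDIR.
#TLS_REQCERT    ([demand],never,allow,try)
# We ship with allow by default as some LDAP clients (e.g. evolution) have
# no interactive SSL configuration.
# NOTE: with "allow" the session continues even if the server certificate is
# missing or fails verification, so the server's identity is not assured.
# Switch to "demand" once a trusted CA certificate is configured below.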

TLS_REQCERT     allow

# CA Certificate locations 
# Use the default self-signed cert generated by openldap-server postinstall
# by default 
#TLS_CACERT      /etc/pki/tls/certs/ldap.pem
#TLS_CACERT     /etc/ssl/openldap/ldap.<%= @domain %>.pem

# If requiring support for certificates signed by all CAs (noting the risks
# to pam_ldap if doing DNS-based suffix lookup etc.), uncomment:
#TLS_CACERTDIR  /etc/pki/tls/rootcerts