blob: 7461d160ce1088374c51bba03805b5f667d3dd4c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
#BASE dc=example, dc=com
#HOST ldap.example.com ldap-master.example.com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# SSL/TSL configuration. With CA-signed certs, TLS_REQCERT should be
# "demand", with the CA certificate accessible
#TLS_REQCERT ([demand],never,allow,try)
# We ship with allow by default as some LDAP clients (e.g. evolution) have
# no interactive SSL configuration
TLS_REQCERT allow
# CA Certificate locations
# Use the default self-signed cert generated by openldap-server postinstall
# by default
#TLS_CACERT /etc/pki/tls/certs/ldap.pem
#TLS_CACERT /etc/ssl/openldap/ldap.mageia.org.pem
# If requiring support for certificates signed by all CAs (noting risks
# pam_ldap if doing DNS-based suffix lookup etc.
#TLS_CACERTDIR /etc/pki/tls/rootcerts
|
