rpms/openldap
5
0
Fork 0
Code Issues Pull Requests Releases Activity

TLS: Use system trusted CA store by default

Browse Source 
Resolves: #1270678, #1537259
This commit is contained in:
Matúš Honěk 2018-02-11 20:01:37 +01:00
parent 44d9f0fe1b
commit bdec46fdaf
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ldap.conf
View File

@ -12,7 +12,10 @@
#TIMELIMIT 15 #TIMELIMIT 15
#DEREF never #DEREF never
TLS_CACERTDIR /etc/openldap/certs # When no CA certificates are specified the Shared System Certificates
# are in use. In order to have these available along with the ones specified
# by TLS_CACERTDIR one has to include them explicitly:
#TLS_CACERT /etc/pki/tls/cert.pem
# Turning this off breaks GSSAPI used with krb5 when rdns = false # Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on SASL_NOCANON on

11
slapd.ldif
View File

@ -9,9 +9,14 @@ cn: config
# #
# TLS settings # TLS settings
# #
olcTLSCACertificatePath: /etc/openldap/certs # When no CA certificates are specified the Shared System Certificates
olcTLSCertificateFile: "OpenLDAP Server" # are in use. In order to have these available along with the ones specified
olcTLSCertificateKeyFile: /etc/openldap/certs/password # by oclTLSCACertificatePath one has to include them explicitly:
#olcTLSCACertificateFile: /etc/pki/tls/cert.pem
#
# Private cert and key are not pregenerated.
#olcTLSCertificateFile:
#olcTLSCertificateKeyFile:
# #
# Do not enable referrals until AFTER you have a working directory # Do not enable referrals until AFTER you have a working directory