diff --git a/openldap2.changes b/openldap2.changes
index 249d565..f1edee5 100644
--- a/openldap2.changes
+++ b/openldap2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct 14 13:15:23 UTC 2016 - hguo@suse.com
+
+- Add more details in the comments of slapd.conf concerning
+ file permission and StartTLS capability.
+
 -------------------------------------------------------------------
 Thu Jun 23 22:46:29 UTC 2016 - jengelh@inai.de
 
diff --git a/slapd.conf b/slapd.conf
index 5f909d1..03d49be 100644
--- a/slapd.conf
+++ b/slapd.conf
@@ -77,9 +77,11 @@ directory /var/lib/ldap
 # Indices to maintain
 index objectClass eq
 
-# Using TLS to secure communication between LDAP clients and the server is strongly recommended
-# To enable TLS, first visit /etc/sysconfig/openldap and set OPENLDAP_START_LDAPS="yes", then
-# set and uncomment the following lines:
+# Using TLS to secure communication between LDAP clients and the server is strongly recommended.
+# To enable TLS, you will need CA certificate, server certificate, and certificate key, and
+# write down their paths below, make sure the files are readable by user "ldap".
+# The server will then support StartTLS on standard port 389.
+# To also serve LDAPS on port 636, set OPENLDAP_START_LDAPS="yes" in /etc/sysconfig/openldap.
 #TLSProtocolMin 3.1
 #TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
 #TLSCACertificateFile /my/ca.crt
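Review bot: The new slapd.conf comment asks only that the CA certificate, server certificate and key be "readable by user "ldap"", which sets a lower bound on access but no upper bound, so an admin can satisfy it with a world-readable private key. I would treat the key separately from the certificates, for example `# The certificate key must be readable by user "ldap" and by no other unprivileged user; the certificates may be world-readable.` The unchanged `#TLSProtocolMin 3.1` directly below the new text corresponds to TLS 1.0 in slapd.conf(5) numbering. Since this commit is already revising the TLS guidance, the comment could say that `3.3` (TLS 1.2) is the value to use unless legacy clients require less. The list of TLS directives continues past the end of the hunk, so the key-file directive itself is not visible here.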