- Add more details in the comments of slapd.conf concerning

file permission and StartSSL capability. OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=165
2016-10-14 14:03:28 +00:00 · 2016-10-14 14:03:28 +00:00 · 9d92335391
commit 9d92335391
parent 804800cafe
2 changed files with 11 additions and 3 deletions
--- a/openldap2.changes
+++ b/openldap2.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct 14 13:15:23 UTC 2016 - hguo@suse.com
+
+- Add more details in the comments of slapd.conf concerning
+  file permission and StartSSL capability.
+
 -------------------------------------------------------------------
 Thu Jun 23 22:46:29 UTC 2016 - jengelh@inai.de

--- a/slapd.conf
+++ b/slapd.conf
@ -77,9 +77,11 @@ directory    /var/lib/ldap
 # Indices to maintain
 index        objectClass eq

-# Using TLS to secure communication between LDAP clients and the server is strongly recommended
-# To enable TLS, first visit /etc/sysconfig/openldap and set OPENLDAP_START_LDAPS="yes", then
-# set and uncomment the following lines:
+# Using TLS to secure communication between LDAP clients and the server is strongly recommended.
+# To enable TLS, you will need CA certificate, server certificate, and certificate key, and
+# write down their paths below, make sure the files are readable by user "ldap".
+# The server will then support StartTLS on standard port 389.
+# To also serve LDAPS on port 636, set OPENLDAP_START_LDAPS="yes" in /etc/sysconfig/openldap.
 #TLSProtocolMin 3.1
 #TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
 #TLSCACertificateFile /my/ca.crt