From 9d92335391dd4edf32196d7e7540f0f3be54572b7545071fdf6edf265c1d4856 Mon Sep 17 00:00:00 2001
From: Howard Guo
Date: Fri, 14 Oct 2016 14:03:28 +0000
Subject: [PATCH] - Add more details in the comments of slapd.conf concerning file permission and StartSSL capability.

OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=165
---
 openldap2.changes | 6 ++++++
 slapd.conf | 8 +++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/openldap2.changes b/openldap2.changes
index 249d565..345bd3a 100644
--- a/openldap2.changes
+++ b/openldap2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct 14 13:15:23 UTC 2016 - hguo@suse.com
+
+- Add more details in the comments of slapd.conf concerning
+ file permission and StartSSL capability.
+
 -------------------------------------------------------------------
 Thu Jun 23 22:46:29 UTC 2016 - jengelh@inai.de
 
diff --git a/slapd.conf b/slapd.conf
index 5f909d1..03d49be 100644
--- a/slapd.conf
+++ b/slapd.conf
@@ -77,9 +77,11 @@ directory /var/lib/ldap
 # Indices to maintain
 index objectClass eq
 
-# Using TLS to secure communication between LDAP clients and the server is strongly recommended
-# To enable TLS, first visit /etc/sysconfig/openldap and set OPENLDAP_START_LDAPS="yes", then
-# set and uncomment the following lines:
+# Using TLS to secure communication between LDAP clients and the server is strongly recommended.
+# To enable TLS, you will need CA certificate, server certificate, and certificate key, and
+# write down their paths below, make sure the files are readable by user "ldap".
+# The server will then support StartTLS on standard port 389.
+# To also serve LDAPS on port 636, set OPENLDAP_START_LDAPS="yes" in /etc/sysconfig/openldap.
 #TLSProtocolMin 3.1
 #TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
 #TLSCACertificateFile /my/ca.crt
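Review bot: The added slapd.conf comment `make sure the files are readable by user "ldap"` states only half of the permission requirement for the certificate key, since it never says the key must not be readable by other accounts. I would add a line such as `# The key file should be readable by user "ldap" only (e.g. owner ldap, mode 0600).` right after it. The following line promises StartTLS on port 389 but does not mention that StartTLS alone stays optional for clients, so a pointer like `# To refuse unencrypted operations, see the "security" directive in slapd.conf(5), e.g. "security tls=1".` would keep readers from assuming that port 389 is now encrypted-only. The commented `TLSProtocolMin 3.1` in the trailing context sets TLS 1.0 as the floor per slapd.conf(5), which may deserve a note recommending a higher value; the commented TLS block continues past the end of this hunk. "StartSSL" in the changelog entry presumably means StartTLS, the term the new comment itself uses.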