- Add more details in the comments of slapd.conf concerning

file permission and StartSSL capability.

OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=165

openldap2.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct 14 13:15:23 UTC 2016 - hguo@suse.com
+
+- Add more details in the comments of slapd.conf concerning
+  file permission and StartSSL capability.
+
 -------------------------------------------------------------------
 Thu Jun 23 22:46:29 UTC 2016 - jengelh@inai.de
 

slapd.conf

@@ -77,9 +77,11 @@ directory    /var/lib/ldap
 # Indices to maintain
 index        objectClass eq
 
-# Using TLS to secure communication between LDAP clients and the server is strongly recommended
+# Using TLS to secure communication between LDAP clients and the server is strongly recommended.
-# To enable TLS, first visit /etc/sysconfig/openldap and set OPENLDAP_START_LDAPS="yes", then
+# To enable TLS, you will need CA certificate, server certificate, and certificate key, and
-# set and uncomment the following lines:
+# write down their paths below, make sure the files are readable by user "ldap".
+# The server will then support StartTLS on standard port 389.
+# To also serve LDAPS on port 636, set OPENLDAP_START_LDAPS="yes" in /etc/sysconfig/openldap.
 #TLSProtocolMin 3.1
 #TLSCipherSuite HIGH:!SSLv3:!SSLv2:!ADH
 #TLSCACertificateFile /my/ca.crt