TLS: Use system trusted CA store by default
Resolves: #1270678, #1537259
This commit is contained in:
Matúš Honěk
parent
44d9f0fe1b
commit
bdec46fdaf
|
|
@ -12,7 +12,10 @@
|
|||
#TIMELIMIT 15
|
||||
#DEREF never
|
||||
|
||||
TLS_CACERTDIR /etc/openldap/certs
|
||||
# When no CA certificates are specified the Shared System Certificates
|
||||
# are in use. In order to have these available along with the ones specified
|
||||
# by TLS_CACERTDIR one has to include them explicitly:
|
||||
#TLS_CACERT /etc/pki/tls/cert.pem
|
||||
|
||||
# Turning this off breaks GSSAPI used with krb5 when rdns = false
|
||||
SASL_NOCANON on
|
||||
|
|
|
|||
11
slapd.ldif
11
slapd.ldif
|
|
@ -9,9 +9,14 @@ cn: config
|
|||
#
|
||||
# TLS settings
|
||||
#
|
||||
olcTLSCACertificatePath: /etc/openldap/certs
|
||||
olcTLSCertificateFile: "OpenLDAP Server"
|
||||
olcTLSCertificateKeyFile: /etc/openldap/certs/password
|
||||
# When no CA certificates are specified the Shared System Certificates
|
||||
# are in use. In order to have these available along with the ones specified
|
||||
# by oclTLSCACertificatePath one has to include them explicitly:
|
||||
#olcTLSCACertificateFile: /etc/pki/tls/cert.pem
|
||||
#
|
||||
# Private cert and key are not pregenerated.
|
||||
#olcTLSCertificateFile:
|
||||
#olcTLSCertificateKeyFile:
|
||||
|
||||
#
|
||||
# Do not enable referrals until AFTER you have a working directory
|
||||
|
|
|
|||
Loading…
Reference in New Issue