| field | value | date |
|---|---|---|
| author | Sumit Bose <sbose@redhat.com> | 2009-09-25 07:33:52 -0400 |
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-09-25 09:03:30 -0400 |
| commit | e8eb42bb51de9392b0bc7e43a53ad3cd88913073 (patch) | |
| tree | 8e10f0fa2feca6a5de70140955d66460ea354706 /server/man | |
| parent | 3c02938a2643fdc8ff83d81400334172f0743823 (diff) | |
add new config options ldap_tls_cacert and ldap_tls_cacertdir
Diffstat (limited to 'server/man')
-rw-r--r-- | server/man/sssd-ldap.5.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml index 4c7e07b6..b5efb11d 100644 --- a/server/man/sssd-ldap.5.xml +++ b/server/man/sssd-ldap.5.xml @@ -35,6 +35,13 @@ <para> There can be more than one LDAP domain configured with SSSD. </para> + <para> + If you want to authenticate against an LDAP server TLS/SSL is + required. <command>sssd</command> <emphasis>does not</emphasis> + support authentication over an unencrypted channel. If the LDAP + server is used only as an identify provider, an encrypted channel + is not needed. + </para> </refsect1> <refsect1 id='file-format'> @@ -439,6 +446,42 @@ <emphasis>hard</emphasis> = Same as <quote>demand</quote> </para> + <para> + Default: hard + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_tls_cacert (string)</term> + <listitem> + <para> + Specifies the file that contains certificates for + all of the Certificate Authorities + <command>sssd</command> will recognize. + </para> + <para> + Default: use OpenLDAP defaults, typically in + /etc/openldap/ldap.conf + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ldap_tls_cacertdir (string)</term> + <listitem> + <para> + Specifies the path of a directory that contains + Certificate Authority certificates in separate + individual files. Typically the file names need to + be the hash of the certificate followed by '.0'. + If available <command>cacertdir_rehash</command> + can be used to create the correct names. + </para> + <para> + Default: use OpenLDAP defaults, typically in + /etc/openldap/ldap.conf + </para> </listitem> </varlistentry> |
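Review bot: the new paragraph in the first hunk (the one added after "There can be more than one LDAP domain configured with SSSD.") has a typo, "identify provider" should be "identity provider", and "If you want to authenticate against an LDAP server TLS/SSL is required." needs a comma after "LDAP server". Since this paragraph is the only place the page states that authentication refuses an unencrypted channel, it would help to point readers at the TLS options documented further down (the certificate-verification setting whose "hard = Same as demand" text appears in the second hunk, plus the new ldap_tls_cacert and ldap_tls_cacertdir options), so the requirement and the knobs that satisfy it sit together.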
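Review bot: in the ldap_tls_cacertdir entry of the second hunk, "the hash of the certificate followed by '.0'" is imprecise; the hashed-directory layout that cacertdir_rehash produces names each file after the hash of the certificate's subject name, not a digest of the certificate itself, so say "hash of the certificate subject" to keep readers from hand-naming files with a sha1sum of the PEM. Also, "If available <command>cacertdir_rehash</command> can be used" needs a comma after "If available". Finally, both new entries fall back to "use OpenLDAP defaults, typically in /etc/openldap/ldap.conf" while the same hunk sets the verification default to "hard"; one sentence explaining that a CA must be reachable through one of these options or ldap.conf for a connection to succeed under that default would save users a confusing failure.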