From e8eb42bb51de9392b0bc7e43a53ad3cd88913073 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 25 Sep 2009 07:33:52 -0400
Subject: add new config options ldap_tls_cacert and ldap_tls_cacertdir
---
server/man/sssd-ldap.5.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+) (limited to 'server/man')
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index 4c7e07b6..b5efb11d 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -35,6 +35,13 @@ There can be more than one LDAP domain configured with SSSD.
+
+ If you want to authenticate against an LDAP server TLS/SSL is
+ required. sssd does not
+ support authentication over an unencrypted channel. If the LDAP
+ server is used only as an identify provider, an encrypted channel
+ is not needed.
+
@@ -439,6 +446,42 @@ hard = Same as demand
+
+ Default: hard
+
+
+
+
+
+ ldap_tls_cacert (string)
+
+
+ Specifies the file that contains certificates for
+ all of the Certificate Authorities
+ sssd will recognize.
+
+
+ Default: use OpenLDAP defaults, typically in
+ /etc/openldap/ldap.conf
+
+
+
+
+
+ ldap_tls_cacertdir (string)
+
+
+ Specifies the path of a directory that contains
+ Certificate Authority certificates in separate
+ individual files. Typically the file names need to
+ be the hash of the certificate followed by '.0'.
+ If available cacertdir_rehash
+ can be used to create the correct names.
+
+
+ Default: use OpenLDAP defaults, typically in
+ /etc/openldap/ldap.conf
+
-- cgit