From fe020eca3399aed41a7c5e7ff1ce5155e2d17327 Mon Sep 17 00:00:00 2001
From: Aaron Spangler
Date: Fri, 3 Sep 2004 01:56:45 +0000
Subject: [PATCH] tls_ examples

---
 README.LDAP | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/README.LDAP b/README.LDAP
index 284915235..bb6f3eb0f 100644
--- a/README.LDAP
+++ b/README.LDAP
@@ -247,6 +247,7 @@ when you imported the sudoers. Below is an example /etc/ldap.conf
 # but only works with LDAP SDK's that support
 # ldap_initialize() such as OpenLDAP
 uri ldap://ldapserver
+ #uri ldaps://secureldapserver
 #
 # must be set or sudo will ignore LDAP
 sudoers_base ou=SUDOers,dc=example,dc=com
@@ -265,6 +266,39 @@ when you imported the sudoers. Below is an example /etc/ldap.conf
 # encryption before the bind credentials are sent
 #ssl start_tls
 #
+ # Additional TLS options follow that allow tweaking
+ # of the SSL/TLS connection
+ #
+ #tls_checkpeer yes # verify server SSL certificate
+ #tls_checkpeer no # ignore server SSL certificate
+ #
+ # If you enable tls_checkpeer, specify either tls_cacertfile
+ # or tls_cacertdir.
+ #
+ #tls_cacertfile /etc/certs/trusted_signers.pem
+ #tls_cacertdir /etc/certs
+ #
+ # For systems that don't have /dev/random
+ # use this along with PRNGD or EGD.pl to seed the
+ # random number pool to generate cryptographic session keys.
+ #
+ #tls_randfile /etc/egd-pool
+ #
+ # You may restrict which ciphers are used. Consult your SSL
+ # documentation for which options go here.
+ #
+ #tls_ciphers
+ #
+ # Sudo can provide a client certificate when communicating to
+ # the LDAP server.
+ # Tips:
+ # * Enable both lines at the same time.
+ # * Do not password protect the key file.
+ # * Ensure the keyfile is only readable by root.
+ #
+ #tls_cert /etc/certs/client_cert.pem
+ #tls_key /etc/certs/client_key.pem
+ #
 
 Debugging your LDAP configuration
 =================================
-- 
2.50.1