ingo Voss
OpenLDAP
Commit cfc231a5 authored Aug 28, 2020 by Howard Chu
Committed by Quanah Gibson-Mount, Aug 28, 2020
ITS#9054, #9318 document new TLS options in slapd
parent fa6d19d4
Changes 4
doc/man/man5/slapd-config.5
...
...
@@ -1785,7 +1785,9 @@ FALSE, meaning the contextCSN is stored in the context entry.
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_reqsan=never|allow|try|demand]
.B [tls_cipher_suite=<ciphers>]
.B [tls_ecname=<names>]
.B [tls_crlcheck=none|peer|all]
.B [tls_protocol_min=<major>[.<minor>]]
.B [suffixmassage=<real DN>]
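Review bot: tls_ecname is added to this synopsis, but neither hunk shown for slapd-config.5 says what <names> accepts or what the default is; only tls_reqsan gets a default in the paragraph changed further down. Add a sentence for tls_ecname in that paragraph, or a pointer to the man page that defines it, so the keyword is not documented by the synopsis line alone.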
...
...
@@ -1951,7 +1953,9 @@ to establish a TLS session before Binding to the provider. If the
argument is supplied, the session will be aborted if the StartTLS request
fails. Otherwise the syncrepl session continues without TLS. The
.B tls_reqcert
setting defaults to "demand" and the other TLS settings default to the same
setting defaults to "demand", the
.B tls_reqsan
setting defaults to "allow", and the other TLS settings default to the same
as the main slapd TLS settings.
The
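Review bot: the new sentence gives tls_reqsan a default of "allow" right beside tls_reqcert's "demand", without saying what the four levels mean for subjectAltName checking. Both keywords share the never|allow|try|demand scale, so a reader will see that the SAN default sits lower than the certificate default and cannot tell from this text what is enforced on the provider's certificate. Describe the levels here or cross-reference the page where they are defined.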
...
...
doc/man/man5/slapd-ldap.5
...
...
@@ -113,7 +113,9 @@ needs to be created.
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_reqsan=never|allow|try|demand]
.B [tls_cipher_suite=<ciphers>]
.B [tls_ecname=<names>]
.B [tls_protocol_min=<major>[.<minor>]]
.B [tls_crlcheck=none|peer|all]
.RS
...
...
@@ -152,7 +154,9 @@ and
The TLS settings default to the same as the main slapd TLS settings,
except for
.B tls_reqcert
which defaults to "demand".
which defaults to "demand", and
.B tls_reqsan
which defaults to "allow".
.RE
.TP
...
...
@@ -227,7 +231,9 @@ case allows anonymous rather than denies.
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_reqsan=never|allow|try|demand]
.B [tls_cipher_suite=<ciphers>]
.B [tls_ecname=<names>]
.B [tls_protocol_min=<version>]
.B [tls_crlcheck=none|peer|all]
.RS
...
...
@@ -378,7 +384,9 @@ is recommended.
The TLS settings default to the same as the main slapd TLS settings,
except for
.B tls_reqcert
which defaults to "demand".
which defaults to "demand", and
.B tls_reqsan
which defaults to "allow".
The identity associated to this directive is also used for privileged
operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
...
...
@@ -584,7 +592,9 @@ is used.
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_reqsan=never|allow|try|demand]
.B [tls_cipher_suite=<ciphers>]
.B [tls_ecname=<names>]
.B [tls_crlcheck=none|peer|all]
.RS
Specify TLS settings for regular connections.
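Review bot: the keyword list in this hunk has no tls_protocol_min entry, while the two earlier lists in slapd-ldap.5 carry one (and spell its argument differently, <major>[.<minor>] in one and <version> in the other). If the directive accepts tls_protocol_min here, add it while the list is being touched, and pick one spelling for the argument across the three lists.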
...
...
@@ -600,7 +610,9 @@ if the StartTLS operation failed; its use is \fBnot\fP recommended.
The TLS settings default to the same as the main slapd TLS settings,
except for
.B tls_reqcert
which defaults to "demand" and
which defaults to "demand",
.B tls_reqsan
which defaults to "allow", and
.B starttls
which is overshadowed by the first keyword and thus ignored.
.RE
...
...
doc/man/man5/slapd-meta.5
...
...
@@ -361,7 +361,9 @@ for details on the syntax of this field.
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_reqsan=never|allow|try|demand]
.B [tls_cipher_suite=<ciphers>]
.B [tls_ecname=<ciphers>]
.B [tls_protocol_min=<major>[.<minor>]]
.B [tls_crlcheck=none|peer|all]
.RS
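Review bot: the added line ".B [tls_ecname=<ciphers>]" uses the placeholder from the tls_cipher_suite line above it; every other file in this commit writes ".B [tls_ecname=<names>]". Change the placeholder to <names> so slapd-meta.5 does not suggest the option takes a cipher list.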
...
...
@@ -511,7 +513,9 @@ is recommended.
The TLS settings default to the same as the main slapd TLS settings,
except for
.B tls_reqcert
which defaults to "demand".
which defaults to "demand", and
.B tls_reqsan
which defaults to "allow"..
The identity associated to this directive is also used for privileged
operations whenever \fBidassert\-bind\fP is defined and \fBacl\-bind\fP
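Review bot: the last added line ends with a doubled period, 'which defaults to "allow"..'. Drop one so it matches the same sentence in slapd-ldap.5.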
...
...
doc/man/man5/slapd.conf.5
...
...
@@ -1765,7 +1765,9 @@ the contextCSN is stored in the context entry.
.B [tls_cacert=<file>]
.B [tls_cacertdir=<path>]
.B [tls_reqcert=never|allow|try|demand]
.B [tls_reqsan=never|allow|try|demand]
.B [tls_cipher_suite=<ciphers>]
.B [tls_ecname=<names>]
.B [tls_crlcheck=none|peer|all]
.B [tls_protocol_min=<major>[.<minor>]]
.B [suffixmassage=<real DN>]
...
...
@@ -1963,7 +1965,9 @@ to establish a TLS session before Binding to the provider. If the
argument is supplied, the session will be aborted if the StartTLS request
fails. Otherwise the syncrepl session continues without TLS. The
.B tls_reqcert
setting defaults to "demand" and the other TLS settings
setting defaults to "demand", the
.B tls_reqsan
seting defaults to "allow", and the other TLS settings
default to the same as the main slapd TLS settings.
The
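Review bot: typo in the added line 'seting defaults to "allow", and the other TLS settings'; it should read "setting", as in the matching paragraph of slapd-config.5. As in that file, the paragraph states the tls_reqsan default without saying what "allow" means for SAN checking, so a cross-reference to the definition would help here too.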
...
...