mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Zap "TLS hard"

Browse Source
This commit is contained in:
Kurt Zeilenga 2003-05-22 00:15:57 +00:00
parent 65bfb44e8e
commit b378944fc1
1 changed files with 4 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
doc/man/man5/ldap.conf.5
View File

@ -192,31 +192,10 @@ size allowed. 0 disables security layers. The default is 65536.
.RE .RE
.SH TLS OPTIONS .SH TLS OPTIONS
If OpenLDAP is built with Transport Layer Security support, there If OpenLDAP is built with Transport Layer Security support, there
are more options you can specify. are more options you can specify. These options are used when an
.TP .B ldaps:// URI
.B TLS <level> is selected (by default or otherwise) or when the application
Specifies whether client connections should use ldaps:// by default. negotiates TLS by issuing the LDAP Start TLS operation.
This option is deprecated in favor of the
.B URI
option. Using the
.B TLS
option may break some applications.
.LP
The
.B <level>
can be specified as one of the following keywords:
.RS
.TP
.B never
This is the default. Connections will be opened in the clear unless
TLS is explicitly specified (e.g. using an "ldaps://" URL.)
.TP
.B hard
All connections will be established with TLS.
Note that using this option effectively makes the library open every
session as an ldaps session and is incompatible with the LDAPv3 StartTLS
request.
.RE
.TP .TP
.B TLS_CACERT <filename> .B TLS_CACERT <filename>
Specifies the file that contains certificates for all of the Certificate Specifies the file that contains certificates for all of the Certificate