Splunk_Docker/files/splunk-etc/openldap/ldap.conf.default

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

ssl start_tls
TLS_REQCERT never

# The following provides modern TLS configuration that guarantees forward-
# secrecy and efficiency. This configuration drops support for old operating
# systems (Windows Server 2008 R2 and earlier).
# To add support for Windows Server 2008 R2 set TLS_PROTOCOL_MIN to 3.1 and
# add these ciphers to TLS_CIPHER_SUITE:
#     ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:
#     ECDHE-RSA-AES128-SHA

# TLS_PROTOCOL_MIN: 3.1 for TLSv1.0, 3.2 for TLSv1.1, 3.3 for TLSv1.2.
TLS_PROTOCOL_MIN 3.3
TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

#TLS_CACERT absolute path to trusted certificate of LDAP server. For example /opt/splunk/etc/openldap/certs/mycertificate.pem
#TLS_CACERTDIR absolute path to directory that contains trusted certificates of LDAP server. For example /opt/splunk/etc/openldap/certs
Inital Commit 5 months ago			`#`
			`# LDAP Defaults`
			`#`

			`# See ldap.conf(5) for details`
			`# This file should be world readable but not world writable.`

			`ssl start_tls`
			`TLS_REQCERT never`

			`# The following provides modern TLS configuration that guarantees forward-`
			`# secrecy and efficiency. This configuration drops support for old operating`
			`# systems (Windows Server 2008 R2 and earlier).`
			`# To add support for Windows Server 2008 R2 set TLS_PROTOCOL_MIN to 3.1 and`
			`# add these ciphers to TLS_CIPHER_SUITE:`
			`# ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:`
			`# ECDHE-RSA-AES128-SHA`

			`# TLS_PROTOCOL_MIN: 3.1 for TLSv1.0, 3.2 for TLSv1.1, 3.3 for TLSv1.2.`
			`TLS_PROTOCOL_MIN 3.3`
			`TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256`

			`#TLS_CACERT absolute path to trusted certificate of LDAP server. For example /opt/splunk/etc/openldap/certs/mycertificate.pem`
			`#TLS_CACERTDIR absolute path to directory that contains trusted certificates of LDAP server. For example /opt/splunk/etc/openldap/certs`