You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 lines
1.1 KiB
25 lines
1.1 KiB
#
|
|
# LDAP Defaults
|
|
#
|
|
|
|
# See ldap.conf(5) for details
|
|
# This file should be world readable but not world writable.
|
|
|
|
ssl start_tls
|
|
TLS_REQCERT never
|
|
|
|
# The following provides modern TLS configuration that guarantees forward-
|
|
# secrecy and efficiency. This configuration drops support for old operating
|
|
# systems (Windows Server 2008 R2 and earlier).
|
|
# To add support for Windows Server 2008 R2 set TLS_PROTOCOL_MIN to 3.1 and
|
|
# add these ciphers to TLS_CIPHER_SUITE:
|
|
# ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:
|
|
# ECDHE-RSA-AES128-SHA
|
|
|
|
# TLS_PROTOCOL_MIN: 3.1 for TLSv1.0, 3.2 for TLSv1.1, 3.3 for TLSv1.2.
|
|
TLS_PROTOCOL_MIN 3.3
|
|
TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
|
|
|
#TLS_CACERT absolute path to trusted certificate of LDAP server. For example /opt/splunk/etc/openldap/certs/mycertificate.pem
|
|
#TLS_CACERTDIR absolute path to directory that contains trusted certificates of LDAP server. For example /opt/splunk/etc/openldap/certs
|