You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

25 lines
1.1 KiB

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
ssl start_tls
TLS_REQCERT never
# The following provides modern TLS configuration that guarantees forward-
# secrecy and efficiency. This configuration drops support for old operating
# systems (Windows Server 2008 R2 and earlier).
# To add support for Windows Server 2008 R2 set TLS_PROTOCOL_MIN to 3.1 and
# add these ciphers to TLS_CIPHER_SUITE:
# ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:
# ECDHE-RSA-AES128-SHA
# TLS_PROTOCOL_MIN: 3.1 for TLSv1.0, 3.2 for TLSv1.1, 3.3 for TLSv1.2.
TLS_PROTOCOL_MIN 3.3
TLS_CIPHER_SUITE ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
#TLS_CACERT absolute path to trusted certificate of LDAP server. For example /opt/splunk/etc/openldap/certs/mycertificate.pem
#TLS_CACERTDIR absolute path to directory that contains trusted certificates of LDAP server. For example /opt/splunk/etc/openldap/certs

Powered by BW's shoe-string budget.