Diffstat (limited to 'server/man/sssd-ldap.5.xml')
-rw-r--r--server/man/sssd-ldap.5.xml43
1 files changed, 43 insertions, 0 deletions
diff --git a/server/man/sssd-ldap.5.xml b/server/man/sssd-ldap.5.xml
index 4c7e07b6e..b5efb11d0 100644
--- a/server/man/sssd-ldap.5.xml
+++ b/server/man/sssd-ldap.5.xml
@@ -35,6 +35,13 @@
<para>
There can be more than one LDAP domain configured with SSSD.
</para>
+ <para>
+ If you want to authenticate against an LDAP server TLS/SSL is
+ required. <command>sssd</command> <emphasis>does not</emphasis>
+ support authentication over an unencrypted channel. If the LDAP
+ server is used only as an identify provider, an encrypted channel
+ is not needed.
+ </para>
</refsect1>
<refsect1 id='file-format'>
@@ -439,6 +446,42 @@
<emphasis>hard</emphasis> = Same as
<quote>demand</quote>
</para>
+ <para>
+ Default: hard
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_tls_cacert (string)</term>
+ <listitem>
+ <para>
+ Specifies the file that contains certificates for
+ all of the Certificate Authorities
+ <command>sssd</command> will recognize.
+ </para>
+ <para>
+ Default: use OpenLDAP defaults, typically in
+ /etc/openldap/ldap.conf
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_tls_cacertdir (string)</term>
+ <listitem>
+ <para>
+ Specifies the path of a directory that contains
+ Certificate Authority certificates in separate
+ individual files. Typically the file names need to
+ be the hash of the certificate followed by '.0'.
+ If available <command>cacertdir_rehash</command>
+ can be used to create the correct names.
+ </para>
+ <para>
+ Default: use OpenLDAP defaults, typically in
+ /etc/openldap/ldap.conf
+ </para>
</listitem>
</varlistentry>