From c5cf9b4e6df80fbf3648cbeb1d561c55fe54816e Mon Sep 17 00:00:00 2001 From: Evgeniy Khramtsov Date: Wed, 13 Jul 2011 15:57:01 +1000 Subject: [PATCH] Document ldap_tls_cacertfile and ldap_tls_depth options (EJAB-1299) --- doc/guide.tex | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/guide.tex b/doc/guide.tex index 0f6bad61f..5ddfba38c 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -2309,6 +2309,16 @@ This option specifies whether to verify LDAP server certificate or not when TLS When \term{hard} is enabled \ejabberd{} doesn't proceed if a certificate is invalid. When \term{soft} is enabled \ejabberd{} proceeds even if check fails. The default is \term{false} which means no checks are performed. +\titem{\{ldap\_tls\_cacertfile, Path\}} \ind{options!ldap\_tls\_cacertfile} +Path to file containing PEM encoded CA certificates. This option is needed +(and required) when TLS verification is enabled. +\titem{\{ldap\_tls\_depth, Number\}} \ind{options!ldap\_tls\_depth} +Specifies the maximum verification depth when TLS verification is enabled, +i.e. how far in a chain of certificates the verification process can proceed +before the verification is considered to fail. +Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc. +The value 2 thus means that a chain can at most contain peer cert, +CA cert, next CA cert, and an additional CA cert. The default value is 1. \titem{\{ldap\_port, Number\}} \ind{options!ldap\_port}Port to connect to your LDAP server. The default port is~389 if encryption is disabled; and 636 if encryption is enabled. If you configure a value, it is stored in \ejabberd{}'s database.
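Review bot: In the new ldap_tls_depth entry the level enumeration and the worked example disagree: "Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2" implies a depth of 2 admits three certificates, but the next sentence says the value 2 allows four ("peer cert, CA cert, next CA cert, and an additional CA cert"). Either the trust anchor from ldap_tls_cacertfile is not counted against the depth, in which case say so explicitly, or the example is off by one; as written an administrator cannot tell whether the default of 1 accepts a server certificate issued by an intermediate CA that chains to a root in ldap_tls_cacertfile, which is the common deployment and the case that decides whether "hard" verification works at all. In the ldap_tls_cacertfile entry, "needed (and required)" is redundant; tighten it to "This option is required when TLS verification is enabled" and name the hard/soft verification option documented immediately above so readers can see which setting turns it on. It would also help to state what happens when verification is enabled but no CA file is configured (connection refused versus proceeding unverified), since that is the failure mode that matters for the "soft" setting.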