diff --git a/doc/guide.tex b/doc/guide.tex index 7ba14a56d..248e2d454 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -2254,6 +2254,16 @@ This option specifies whether to verify LDAP server certificate or not when TLS When \term{hard} is enabled \ejabberd{} doesn't proceed if a certificate is invalid. When \term{soft} is enabled \ejabberd{} proceeds even if check fails. The default is \term{false} which means no checks are performed. +\titem{\{ldap\_tls\_cacertfile, Path\}} \ind{options!ldap\_tls\_cacertfile} +Path to file containing PEM encoded CA certificates. This option is needed +(and required) when TLS verification is enabled. +\titem{\{ldap\_tls\_depth, Number\}} \ind{options!ldap\_tls\_depth} +Specifies the maximum verification depth when TLS verification is enabled, +i.e. how far in a chain of certificates the verification process can proceed +before the verification is considered to fail. +Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc. +The value 2 thus means that a chain can at most contain peer cert, +CA cert, next CA cert, and an additional CA cert. The default value is 1. \titem{\{ldap\_port, Number\}} \ind{options!ldap\_port}Port to connect to your LDAP server. The default port is~389 if encryption is disabled; and 636 if encryption is enabled. If you configure a value, it is stored in \ejabberd{}'s database.