mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-26 17:38:45 +01:00
Document ldap_tls_cacertfile and ldap_tls_depth options (EJAB-1299)
This commit is contained in:
parent
7e14b2d46a
commit
cc0aa707c4
@ -2254,6 +2254,16 @@ This option specifies whether to verify LDAP server certificate or not when TLS
|
|||||||
When \term{hard} is enabled \ejabberd{} doesn't proceed if a certificate is invalid.
|
When \term{hard} is enabled \ejabberd{} doesn't proceed if a certificate is invalid.
|
||||||
When \term{soft} is enabled \ejabberd{} proceeds even if check fails.
|
When \term{soft} is enabled \ejabberd{} proceeds even if check fails.
|
||||||
The default is \term{false} which means no checks are performed.
|
The default is \term{false} which means no checks are performed.
|
||||||
|
\titem{\{ldap\_tls\_cacertfile, Path\}} \ind{options!ldap\_tls\_cacertfile}
|
||||||
|
Path to file containing PEM encoded CA certificates. This option is needed
|
||||||
|
(and required) when TLS verification is enabled.
|
||||||
|
\titem{\{ldap\_tls\_depth, Number\}} \ind{options!ldap\_tls\_depth}
|
||||||
|
Specifies the maximum verification depth when TLS verification is enabled,
|
||||||
|
i.e. how far in a chain of certificates the verification process can proceed
|
||||||
|
before the verification is considered to fail.
|
||||||
|
Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc.
|
||||||
|
The value 2 thus means that a chain can at most contain peer cert,
|
||||||
|
CA cert, next CA cert, and an additional CA cert. The default value is 1.
|
||||||
\titem{\{ldap\_port, Number\}} \ind{options!ldap\_port}Port to connect to your LDAP server.
|
\titem{\{ldap\_port, Number\}} \ind{options!ldap\_port}Port to connect to your LDAP server.
|
||||||
The default port is~389 if encryption is disabled; and 636 if encryption is enabled.
|
The default port is~389 if encryption is disabled; and 636 if encryption is enabled.
|
||||||
If you configure a value, it is stored in \ejabberd{}'s database.
|
If you configure a value, it is stored in \ejabberd{}'s database.
|
||||||
|
Loading…
Reference in New Issue
Block a user