25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

Document ldap_tls_cacertfile and ldap_tls_depth options (EJAB-1299)

This commit is contained in:
Evgeniy Khramtsov 2011-07-13 15:57:01 +10:00
parent 7e14b2d46a
commit cc0aa707c4

View File

@ -2254,6 +2254,16 @@ This option specifies whether to verify LDAP server certificate or not when TLS
When \term{hard} is enabled \ejabberd{} doesn't proceed if a certificate is invalid.
When \term{soft} is enabled \ejabberd{} proceeds even if check fails.
The default is \term{false} which means no checks are performed.
\titem{\{ldap\_tls\_cacertfile, Path\}} \ind{options!ldap\_tls\_cacertfile}
Path to file containing PEM encoded CA certificates. This option is needed
(and required) when TLS verification is enabled.
\titem{\{ldap\_tls\_depth, Number\}} \ind{options!ldap\_tls\_depth}
Specifies the maximum verification depth when TLS verification is enabled,
i.e. how far in a chain of certificates the verification process can proceed
before the verification is considered to fail.
Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc.
The value 2 thus means that a chain can at most contain peer cert,
CA cert, next CA cert, and an additional CA cert. The default value is 1.
\titem{\{ldap\_port, Number\}} \ind{options!ldap\_port}Port to connect to your LDAP server.
The default port is~389 if encryption is disabled; and 636 if encryption is enabled.
If you configure a value, it is stored in \ejabberd{}'s database.