Skip to content

Instantly share code, notes, and snippets.

@guedressel
Created April 28, 2016 09:49
Show Gist options
  • Save guedressel/71d3e7f2baa0adce273112a27f850cb0 to your computer and use it in GitHub Desktop.
Save guedressel/71d3e7f2baa0adce273112a27f850cb0 to your computer and use it in GitHub Desktop.
Enabling TLS support in slapd (OpenLDAP)
dn: cn=config
changetype: modify
# Security - TLS section
add: olcTLSCertificateFile
olcTLSCertificateFile: /path/cert_bundle.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /path/cert.rsa.key
-
add: olcTLSDHParamFile
olcTLSDHParamFile: /path/dhparam.pem
-
add: olcTLSProtocolMin
olcTLSProtocolMin: 3.1
-
add: olcTLSCipherSuite
olcTLSCipherSuite: SECURE256:!AES-128-CBC:!ARCFOUR-128:!CAMELLIA-128-CBC:!3DES-CBC:!CAMELLIA-128-CBC
-
# the following directive is the default but
# is explicitly included for visibility reasons
add: olcTLSVerifyClient
olcTLSVerifyClient: never
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment