@@ -197,28 +197,31 @@ If you already have a check_password.conf or ppm.conf in /etc/openldap/ the foll
197197
198198#### TLS options
199199
200- | Variable | Description | Default |
201- | ----------------------- | ------------------------------------------------------------------ | ----------------------------------------- |
202- | ` ENABLE_TLS ` | Add TLS capabilities. Can't be removed once set to ` TRUE ` . | ` true ` |
203- | ` TLS_CA_NAME ` | Selfsigned CA Name | ` ldap-selfsigned-ca ` |
204- | ` TLS_CA_SUBJECT ` | Selfsigned CA Subject | ` /C=XX/ST=LDAP/L=LDAP/O=LDAP/CN= ` |
205- | ` TLS_CA_CRT_SUBJECT ` | SelfSigned CA Cert Sujbject | ` ${TLS_CA_SUBJECT}${TLS_CA_NAME} ` |
206- | ` TLS_CA_CRT_FILENAME ` | CA Cert filename | ` ${TLS_CA_AME}.crt ` |
207- | ` TLS_CA_KEY_FILENAME ` | CA Key filename | ` ${TLS_CA_NAME}.key ` |
208- | ` TLS_CA_CRT_PATH ` | CA Certificates path | ` /certs/${TLS_CA_NAME}/ ` |
209- | ` TLS_CIPHER_SUITE ` | Cipher Suite to use | ` HIGH:!aNULL:!MD5:!3DES:!RC4:!DES:!eNULL ` |
210- | ` TLS_CREATE_CA ` | Automatically create CA when generating certificates | ` TRUE ` |
211- | ` TLS_CRT_FILENAME ` | TLS cert filename | ` cert.pem ` |
212- | ` TLS_CRT_PATH ` | TLS cert path | ` /certs/ ` |
213- | ` TLS_ENABLE_DH_PARAM ` | Enable DH Param Functionality | ` TRUE ` |
214- | ` TLS_DH_PARAM_FILENAME ` | DH Param filename | ` dhparam.pem ` |
215- | ` TLS_DH_PARAM_KEYSIZE ` | Keysize for DH Param | ` 2048 ` |
216- | ` TLS_DH_PARAM_PATH ` | DH Param path | ` /certs/ ` |
217- | ` TLS_ENFORCE ` | Enforce TLS Usage | ` FALSE ` |
218- | ` TLS_KEY_FILENAME ` | TLS Key filename | ` key.pem ` |
219- | ` TLS_KEY_PATH ` | TLS Key path | ` /certs/ ` |
220- | ` TLS_RESET_PERMISSIONS ` | Change permissions on certificate directories for OpenLDAP to read | ` TRUE ` |
221- | ` TLS_VERIFY_CLIENT ` | TLS verify client. | ` try ` |
200+ | Variable | Description | Default |
201+ | ----------------------- | ------------------------------------------------------------------------- | ----------------------------------------- |
202+ | ` ENABLE_TLS ` | Add TLS capabilities. Can't be removed once set to ` TRUE ` . | ` true ` |
203+ | ` TLS_CA_NAME ` | Selfsigned CA Name | ` ldap-selfsigned-ca ` |
204+ | ` TLS_CA_SUBJECT ` | Selfsigned CA Subject | ` /C=XX/ST=LDAP/L=LDAP/O=LDAP/CN= ` |
205+ | ` TLS_CA_CERT_SUBJECT ` | SelfSigned CA Cert Sujbject | ` ${TLS_CA_SUBJECT}${TLS_CA_NAME} ` |
206+ | ` TLS_CA_CERT_FILENAME ` | CA Cert filename | ` ${TLS_CA_AME}.crt ` |
207+ | ` TLS_CA_KEY_FILENAME ` | CA Key filename | ` ${TLS_CA_NAME}.key ` |
208+ | ` TLS_CA_CERT_PATH ` | CA Certificates path | ` /certs/${TLS_CA_NAME}/ ` |
209+ | ` TLS_CIPHER_SUITE ` | Cipher Suite to use | ` HIGH:!aNULL:!MD5:!3DES:!RC4:!DES:!eNULL ` |
210+ | ` TLS_CREATE_SELFSIGNED ` | Automatically create locally signed CA, cert and key if they do not exist | ` TRUE ` |
211+ | ` TLS_CERT_FILENAME ` | TLS cert filename | ` cert.pem ` |
212+ | ` TLS_CERT_PATH ` | TLS cert path | ` /certs/ ` |
213+ | ` TLS_ENABLE_DH_PARAM ` | Enable DH Param Functionality | ` TRUE ` |
214+ | ` TLS_DH_PARAM_FILENAME ` | DH Param filename | ` dhparam.pem ` |
215+ | ` TLS_DH_PARAM_KEYSIZE ` | Keysize for DH Param | ` 2048 ` |
216+ | ` TLS_DH_PARAM_PATH ` | DH Param path | ` /certs/ ` |
217+ | ` TLS_ENFORCE ` | Enforce TLS Usage | ` FALSE ` |
218+ | ` TLS_KEY_FILENAME ` | TLS Key filename | ` key.pem ` |
219+ | ` TLS_KEY_PATH ` | TLS Key path | ` /certs/ ` |
220+ | ` TLS_RESET_PERMISSIONS ` | Change permissions on certificate directories for OpenLDAP to read | ` TRUE ` |
221+ | ` TLS_VERIFY_CLIENT ` | TLS verify client. | ` try ` |
222+
223+ >> Changing TLS Options are best done manually upon initial image deployment
224+
222225
223226 Help: http://www.openldap.org/doc/admin26/tls.html
224227
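Review bot: The renames on new lines 205-212 (`TLS_CA_CRT_*` to `TLS_CA_CERT_*`, `TLS_CRT_*` to `TLS_CERT_*`, and `TLS_CREATE_CA` to `TLS_CREATE_SELFSIGNED`) come with no migration note. If the image stops reading the old names, an existing deployment that sets `TLS_CRT_PATH` or `TLS_CREATE_CA` would start using the defaults in this table, which with `TLS_CREATE_SELFSIGNED` defaulting to `TRUE` could mean a freshly generated self-signed certificate in place of the intended one. Please either list the old names as deprecated aliases in the table or add a line stating that they are no longer honoured. Since these rows are being rewritten anyway, new line 206 still carries the default `${TLS_CA_AME}.crt` (presumably `${TLS_CA_NAME}.crt`) and new line 205 still reads "Sujbject". The note on new line 223 would be more useful if it said which options cannot be changed after first start and why, in the way the `ENABLE_TLS` row already does.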