ITS#9071 Document "tls none" for back-ldap

Ondřej Kuzník 2019-08-30 14:02:20 +01:00
parent e192a0e544
commit 5b304a3ae6

@ -584,7 +584,7 @@ is used.
.HP
.hy 0
.B tls {[try\-]start|[try\-]propagate|ldaps}
.B tls {none|[try\-]start|[try\-]propagate|ldaps}
.B [starttls=no]
.B [tls_cert=<file>]
.B [tls_key=<file>]
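Review bot: The synopsis line ".B tls {none|[try\-]start|[try\-]propagate|ldaps}" now lists none, but nothing in the lines shown says which value applies when the tls directive is omitted. If none is the default, mark it as such in the description, so an administrator reading the synopsis can tell whether an unconfigured proxy connection gets any TLS at all.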
@ -594,12 +594,13 @@ is used.
.B [tls_cipher_suite=<ciphers>]
.B [tls_crlcheck=none|peer|all]
.RS
Specify the use of TLS when a regular connection is initialized. The
StartTLS extended operation will be used unless the URI directive protocol
scheme is \fBldaps://\fP. In that case this keyword may only be
set to "ldaps" and the StartTLS operation will not be used.
\fBpropagate\fP issues the StartTLS operation only if the original
connection did.
Specify TLS settings for regular connections.
The first parameter only applies to \fBldap://\fP connections and so
at the moment, \fBnone\fP and \fBldaps\fP are equivalent.
With \fBpropagate\fP, the proxy issues StartTLS operation only if
the original connection has a TLS layer set up.
The \fBtry\-\fP prefix instructs the proxy to continue operations
if the StartTLS operation failed; its use is \fBnot\fP recommended.
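Review bot: The rewritten paragraph says none and ldaps "are equivalent" without saying what either one does, and the removed sentence stating that StartTLS is not used with an ldaps:// URI has no replacement. Spell out, per URI scheme, whether StartTLS is issued for each value; otherwise a reader can take "equivalent to ldaps" to mean that a connection configured with none is encrypted. "At the moment" should either say what is expected to change or be dropped, and "issues StartTLS operation" needs an article ("issues the StartTLS operation"). The try- sentence would also be clearer if it said that continuing after a failed StartTLS means continuing without TLS, which is the reason its use is not recommended.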