# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example, dc=com
#HOST	ldap.example.com ldap-master.example.com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

# SSL/TSL configuration. With CA-signed certs, TLS_REQCERT should be
# "demand", with the CA certificate accessible
#TLS_REQCERT    ([demand],never,allow,try)
# We ship with allow by default as some LDAP clients (e.g. evolution) have
# no interactive SSL configuration
TLS_REQCERT     allow

# CA Certificate locations
# Use the default self-signed cert generated by openldap-server postinstall
# by default
TLS_CACERT      /etc/pki/tls/certs/ldap.pem

# If requiring support for certificates signed by all CAs (noting risks
# pam_ldap if doing DNS-based suffix lookup etc.
#TLS_CACERTDIR	/etc/pki/tls/rootcerts