diff options
| author | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2011-07-13 09:57:01 +0400 |
|---|---|---|
| committer | Evgeniy Khramtsov <ekhramtsov@process-one.net> | 2011-07-13 09:57:01 +0400 |
| commit | cc0aa707c4bdb7177ce29c57d15f4bb503b30702 (patch) | |
| tree | 9855a699aab9035a388b2e0d1a50ab6884bf3a27 /doc | |
| parent | 7e14b2d46a2209afcd5d17b363ffb541466618ed (diff) | |
Document ldap_tls_cacertfile and ldap_tls_depth options (EJAB-1299)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/guide.tex | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/guide.tex b/doc/guide.tex index 7ba14a56d..248e2d454 100644 --- a/doc/guide.tex +++ b/doc/guide.tex @@ -2254,6 +2254,16 @@ This option specifies whether to verify LDAP server certificate or not when TLS When \term{hard} is enabled \ejabberd{} doesn't proceed if a certificate is invalid. When \term{soft} is enabled \ejabberd{} proceeds even if check fails. The default is \term{false} which means no checks are performed. +\titem{\{ldap\_tls\_cacertfile, Path\}} \ind{options!ldap\_tls\_cacertfile} +Path to file containing PEM encoded CA certificates. This option is needed +(and required) when TLS verification is enabled. +\titem{\{ldap\_tls\_depth, Number\}} \ind{options!ldap\_tls\_depth} +Specifies the maximum verification depth when TLS verification is enabled, +i.e. how far in a chain of certificates the verification process can proceed +before the verification is considered to fail. +Peer certificate = 0, CA certificate = 1, higher level CA certificate = 2, etc. +The value 2 thus means that a chain can at most contain peer cert, +CA cert, next CA cert, and an additional CA cert. The default value is 1. \titem{\{ldap\_port, Number\}} \ind{options!ldap\_port}Port to connect to your LDAP server. The default port is~389 if encryption is disabled; and 636 if encryption is enabled. If you configure a value, it is stored in \ejabberd{}'s database. |