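# Configure SSL certificates for TheShire LDAP
# use with ~$ sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f 02-letsencrypt.ldif
#
# All four olcTLS* attributes below are added in one modify operation on
# cn=config. "changetype: modify" is stated explicitly so the record is
# still treated as a modification if it is fed to ldapadd / ldapmodify -a.
#
# ldap.example.com is a placeholder: substitute the real host's directory
# under /etc/letsencrypt/live before applying.
#
# This file only makes TLS available to clients; nothing here requires it.
# Whether unencrypted binds are still accepted is decided elsewhere (for
# example by olcSecurity), so verify that separately.
#
# Do not insert blank lines below: a blank line ends the LDIF record.
#
dn: cn=config
changetype: modify
# TLSCACertificateFile <filename>
# Specifies the file that contains certificates for all of the
# Certificate Authorities that slapd will recognize. The
# certificate for the CA that signed the server certificate must
# be included among these certificates. If the signing CA was not
# a top-level (root) CA, certificates for the entire sequence of
# CA's from the signing CA to the top-level CA should be present.
# Multiple certificates are simply appended to the file; the order
# is not significant.
#
# NOTE(review): fullchain.pem also contains the server's own leaf
# certificate. certbot's chain.pem holds only the issuing CA chain and is
# the closer match for this attribute; confirm what clients validate
# against before switching.
#
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/letsencrypt/live/ldap.example.com/fullchain.pem
-
# TLSCertificateFile <filename>
# Specifies the file that contains the slapd server certificate.
#
# NOTE(review): slapd may not pick up a renewed certificate until it is
# restarted. Confirm, and if so restart it from a certbot deploy hook.
#
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/letsencrypt/live/ldap.example.com/cert.pem
-
# TLSCertificateKeyFile <filename>
# Specifies the file that contains the slapd server private key
# that matches the certificate stored in the TLSCertificateFile
# file. Currently, the private key must not be protected with a
# password, so it is of critical importance that it is protected
# carefully.
#
# NOTE(review): certbot keeps /etc/letsencrypt/live and archive readable
# by root only by default, while slapd on Ubuntu typically runs as a
# non-root account. Grant that account read access narrowly (group
# ownership or an ACL); do not make privkey.pem world-readable. If slapd
# is confined by AppArmor, the profile may also need to allow this path.
# Confirm both on the target host.
#
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/letsencrypt/live/ldap.example.com/privkey.pem
-
# TLSCACertificatePath <path>
# Specifies the path of a directory that contains Certificate
# Authority certificates in separate individual files. Usually
# only one of this or the TLSCACertificateFile is used. This
# directive is not supported when using GnuTLS.
#
# Note: This is likely ignored on TheShire LDAP as Ubuntu uses GnuTLS, but
# is included for thoroughness
#
add: olcTLSCACertificatePath
olcTLSCACertificatePath: /usr/share/ca-certificates/mozilla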