# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example, dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

TLS_CACERTDIR /etc/openldap/cacerts

#TLS_CACERT rootcert.pem
TLS_CACERT /etc/openldap/cacerts/rootcert.pem

#TLS_CACERT <filename>
#TLS_CACERTDIR <path>
#TLS_CERT <filename>
#TLS_KEY <filename>

#TLS_REQCERT <level>
#              Specifies what checks to perform on server certificates in a TLS
#              session, if any. The <level> can be specified as one of the fol-
#              lowing keywords:
#
#              never  The  client will not request or check any server certifi-
#                     cate.
#
#              allow  The server certificate is requested. If no certificate is
#                     provided,  the  session  proceeds normally. If a bad cer-
#                     tificate is provided, it will be ignored and the  session
#                     proceeds normally.
#
#              try    The server certificate is requested. If no certificate is
#                     provided, the session proceeds normally. If  a  bad  cer-
#                     tificate  is  provided, the session is immediately termi-
#                     nated.
#
#              demand | hard
#                     These keywords are equivalent. The server certificate  is
#                     requested.  If  no certificate is provided, or a bad cer-
#                     tificate is provided, the session is  immediately  termi-
#                     nated. This is the default setting.
#