author Alex Auvolat <alex@adnab.me> 2020-01-27 16:08:35 +0100
committer Alex Auvolat <alex@adnab.me> 2020-01-27 16:08:35 +0100
commit 66c64797706a2e62424c3523564b99f0597cde03
tree de26c8cba65fba1c4eb08d2c150f9394e1e23f9b /README.md
parent 8a605f44b017621eb2bd739d6c7c1de213d7a13f
Implement TLS mechanisms correctly, I hope
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 18
1 files changed, 12 insertions, 6 deletions
diff --git a/README.md b/README.md
index e8b2487..259c234 100644
--- a/README.md
+++ b/README.md
@@ -51,12 +51,18 @@ Change this by setting the `bind_address` key in the json config file.
## TLS
-`gobottin` supports SSL connections using the STARTTLS LDAP functionnality.
-To use it, specify the following three keys in the json config file:
-
-- `ssl_server_name`: the host name that clients will use to reach your LDAP server
-- `ssl_cert_file`: path to your SSL certificate (a `.pem` file)
-- `ssl_key_file`: path to your SSL key (a `.pem` file)
+`gobottin` supports TLS connections either as a mandatory default for all
+connections or using the STARTLS functionnality of the LDAP protocol. To use
+it, specify the following three keys in the json config file:
+
+- `tls_server_name`: the host name that clients will use to reach your LDAP server
+- `tls_cert_file`: path to your TLS certificate (a `.pem` file)
+- `tls_key_file`: path to your TLS key (a `.pem` file)
+
+Specify `"use_starttls": true` to allow connections to start as insecure
+connections and allow them to use the STARTTLS mechanism to upgrade to a secure
+connection. If `use_starttls` is not specified or set to `false`, TLS is made
+mandatory for all clients.
## Access control list
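Review bot: In the new `use_starttls` paragraph, the README says connections may start insecure and are allowed to upgrade, but it does not say whether a client that never issues STARTTLS can still bind and query in cleartext. State that behaviour explicitly, and if binds are accepted before the upgrade, tell operators that credentials then cross the network unencrypted. The added text also leaves open what happens when the three `tls_*` keys are absent and `use_starttls` is unset: the last sentence reads as if TLS is then mandatory, yet no certificate is configured. The rename from `ssl_*` to `tls_*` carries no note telling operators with existing config files whether the old keys are still accepted. Spelling in the first added paragraph: "STARTLS" should be "STARTTLS", "functionnality" should be "functionality", and "json" is normally written "JSON".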