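# Minimal ldap.conf for nss_ldap.
#
# The sample ldap.conf that comes with nss_ldap (and is installed in
# /etc/ldap.conf on Red Hat) has much more extensive comments. This just
# shows the basics necessary for nss_ldap to work.
#
# Format: one "keyword value" directive per line; comments are full lines
# starting with "#".

# Your LDAP server(s), separated by spaces. Each name must be resolvable
# without using LDAP, otherwise the lookup of the server's own name would
# depend on the server.
# NOTE(review): an earlier version of this comment said these names need
# not match the CN in the server's SSL certificate. With tls_checkpeer set
# to "yes" (below), the OpenLDAP client library normally also compares the
# certificate name with the host name used to connect, so list names that
# appear in the servers' certificates. Confirm against your
# nss_ldap/OpenLDAP build.
host ldap1.example.com ldap2.example.com

# The distinguished name of the search base.
base dc=example,dc=com

# OpenLDAP SSL mechanism.
# start_tls upgrades the connection on the normal LDAP port; LDAPS
# typically uses port 636 instead.
ssl start_tls

# OpenLDAP SSL options.
# Require and verify the server certificate (yes/no). The default is "no",
# which accepts any certificate the server presents, so the encrypted
# session would not prove which server is answering. Keep this at "yes".
tls_checkpeer yes

# CA certificates used to verify the server certificate.
# At least one of these is required if tls_checkpeer is "yes".
# The file or directory is the trust anchor for every lookup: it has to be
# readable by the processes that perform NSS lookups and should be
# writable only by root.
tls_cacertfile /etc/ssl/ca.pem
#tls_cacertdir /etc/ssl/certs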