From ecce801d45404b8797992a55c8595f3dcd17ffe6 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 5 Jul 2009 13:08:28 +0000 Subject: [PATCH] added ldap.conf setup --- lam/docs/README.security.txt | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/lam/docs/README.security.txt b/lam/docs/README.security.txt index c1b4d174..05f1deeb 100644 --- a/lam/docs/README.security.txt +++ b/lam/docs/README.security.txt @@ -6,10 +6,20 @@ protect yourself against network sniffers. -2. LDAP+SSL and TLS +2. LDAP with SSL and TLS - LAM should start TLS automatically if possible. LDAP+SSL will be used if you use - ldaps://servername in your configuration profile. + SSL will be used if you use ldaps://servername in your configuration profile. + TLS can be activated with the "Activate TLS" option. + + You will need to setup ldap.conf to trust your server certificate. Some installations + use /etc/ldap.conf and some use /etc/ldap/ldap.conf. It is a good idea to symlink + /etc/ldap.conf to /etc/ldap/ldap.conf. + Specify the server CA certificate with the following option: + + TLS_CACERT /etc/ldap/ca/myCA/cacert.pem + + This needs to be the public part of the signing certificate authority. See "man ldap.conf" + for additional options. 3. Chrooted servers
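Review bot: In the added ldap.conf paragraph, "It is a good idea to symlink /etc/ldap.conf to /etc/ldap/ldap.conf" does not say which path is the link and which is the real file, so a reader cannot tell which file should carry the TLS_CACERT line. Suggest wording such as "keep the settings in /etc/ldap/ldap.conf and make /etc/ldap.conf a symlink to it", or the reverse if that is what is intended. The replacement for "LAM should start TLS automatically if possible" also leaves open what happens when neither ldaps:// nor "Activate TLS" is set. Since the section follows advice about network sniffers, it should say whether the connection is then unencrypted and where the "Activate TLS" option is found. Minor: "setup ldap.conf" should read "set up ldap.conf", and "server certificate", "server CA certificate" and "signing certificate authority" appear to refer to one file, so one term (the CA certificate that signed the server certificate) would be clearer.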