a676e37a84
* Docs are now ordered by STIG ID number to make them easier to browse. * Deployer notes are better organized. * Script + CSV added for automated documentation generation. Implements: blueprint security-hardening Change-Id: Ib87bec701eddf1601574f4e027f301c775e5e1cd
16 lines
666 B
ReStructuredText
16 lines
666 B
ReStructuredText
V-38626: The LDAP client must use a TLS connection using trust certificates signed by the site CA.
|
|
--------------------------------------------------------------------------------------------------
|
|
|
|
The tls_cacertdir or tls_cacertfile directives are required when tls_checkpeer
|
|
is configured (which is the default for openldap versions 2.1 and up). These
|
|
directives define the path to the trust certificates signed by the site CA.
|
|
|
|
Details: `V-38626 in STIG Viewer`_.
|
|
|
|
.. _V-38626 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38626
|
|
|
|
Notes for deployers
|
|
~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. include:: developer-notes/V-38626.rst
|