[pve-devel] SPAM: [PATCH docs] pveum: Add information about realm certificates

Dominic Jäger d.jaeger at proxmox.com
Thu Oct 15 12:00:19 CEST 2020


As explained by Dominik and Fabian [0].

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=2827

Signed-off-by: Dominic Jäger <d.jaeger at proxmox.com>
---
 pveum.adoc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pveum.adoc b/pveum.adoc
index 4fbaa86..57e1b37 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -163,6 +163,11 @@ configured via the `bind_dn` property in `/etc/pve/domains.cfg`. Its
 password then has to be stored in `/etc/pve/priv/ldap/<realmname>.pw`
 (e.g. `/etc/pve/priv/ldap/my-ldap.pw`). This file should contain a
 single line containing the raw password.
++
+To verify certificates, it is necessary to set `capath`, either directly to the 
+CA certificate of your LDAP server, or to the system path containing all 
+trusted CA certificates (`/etc/ssl/certs`).
+Additionally, the `verify` option has to be set.
 
 Microsoft Active Directory::
 
-- 
2.20.1





More information about the pve-devel mailing list