# # LDAP CERN Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. #BASE DC=cern,DC=ch #note cerndc provides gssapi auth, xldap does not. #HOST cerndc.cern.ch # or xldap.cern.ch #SIZELIMIT 12 #DEREF always TLS_CACERTDIR /etc/openldap/certs TLS_REQCERT demand SSL start_tls # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on