From: Dominic Jäger <d.jaeger@proxmox.com>
Date: Thu, 15 Oct 2020 10:00:19 +0000 (+0200)
Subject: SPAM: [PATCH docs] pveum: Add information about realm certificates
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=0fb9147a6559adb2890ef028c58b3206cf4211b7;p=pve-docs.git

SPAM: [PATCH docs] pveum: Add information about realm certificates

As explained by Dominik and Fabian [0].

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=2827

Signed-off-by: Dominic Jäger <d.jaeger@proxmox.com>
---

diff --git a/pveum.adoc b/pveum.adoc
index 4fbaa86..57e1b37 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -163,6 +163,11 @@ configured via the `bind_dn` property in `/etc/pve/domains.cfg`. Its
 password then has to be stored in `/etc/pve/priv/ldap/<realmname>.pw`
 (e.g. `/etc/pve/priv/ldap/my-ldap.pw`). This file should contain a
 single line containing the raw password.
++
+To verify certificates, it is necessary to set `capath`, either directly to the 
+CA certificate of your LDAP server, or to the system path containing all 
+trusted CA certificates (`/etc/ssl/certs`).
+Additionally, the `verify` option has to be set.
 
 Microsoft Active Directory::