#

[0] Fix | Delete

# LDAP Defaults

[1] Fix | Delete

#

[2] Fix | Delete

[3] Fix | Delete

# See ldap.conf(5) for details

[4] Fix | Delete

# This file should be world readable but not world writable.

[5] Fix | Delete

[6] Fix | Delete

#BASE dc=example,dc=com

[7] Fix | Delete

#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

[8] Fix | Delete

[9] Fix | Delete

#SIZELIMIT 12

[10] Fix | Delete

#TIMELIMIT 15

[11] Fix | Delete

#DEREF never

[12] Fix | Delete

[13] Fix | Delete

# When no CA certificates are specified the Shared System Certificates

[14] Fix | Delete

# are in use. In order to have these available along with the ones specified

[15] Fix | Delete

# by TLS_CACERTDIR one has to include them explicitly:

[16] Fix | Delete

#TLS_CACERT /etc/pki/tls/cert.pem

[17] Fix | Delete

[18] Fix | Delete

# System-wide Crypto Policies provide up to date cipher suite which should

[19] Fix | Delete

# be used unless one needs a finer grinded selection of ciphers. Hence, the

[20] Fix | Delete

# PROFILE=SYSTEM value represents the default behavior which is in place

[21] Fix | Delete

# when no explicit setting is used. (see openssl-ciphers(1) for more info)

[22] Fix | Delete

#TLS_CIPHER_SUITE PROFILE=SYSTEM

[23] Fix | Delete

[24] Fix | Delete

# Turning this off breaks GSSAPI used with krb5 when rdns = false

[25] Fix | Delete

SASL_NOCANON on

[26] Fix | Delete

[27] Fix | Delete

[28] Fix | Delete