Merge branch 'ldap-tls' into 'develop'

LDAP: permit overriding the CA root, improve SSL/TLS See merge request pleroma/pleroma!4265
2024-09-16 15:50:58 +00:00 · 2024-09-16 15:50:58 +00:00 · 3a0d4e9837
commit 3a0d4e9837
parent 8250a9764e 91d1d7260b
6 changed files with 58 additions and 29 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -619,7 +619,9 @@ config :pleroma, :ldap,
  tls: System.get_env("LDAP_TLS") == "true",
  tlsopts: [],
  base: System.get_env("LDAP_BASE") || "dc=example,dc=com",
-  uid: System.get_env("LDAP_UID") || "cn"
+  uid: System.get_env("LDAP_UID") || "cn",
+  # defaults to CAStore's Mozilla roots
+  cacertfile: nil

 oauth_consumer_strategies =
  System.get_env("OAUTH_CONSUMER_STRATEGIES")