From d969b11020253ede6e8cf5cfa42ce21ab5791081 Mon Sep 17 00:00:00 2001
From: Paul Wise <pabs@debian.org>
Date: Mon, 15 Aug 2016 15:58:58 +0800
Subject: [PATCH] Suggest using TLS when connecting to LDAP directly

Avoids manipulation of information by the network.
---
 html/doc-direct.wml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/html/doc-direct.wml b/html/doc-direct.wml
index da7912a..2a08180 100644
--- a/html/doc-direct.wml
+++ b/html/doc-direct.wml
@@ -17,12 +17,12 @@ The LDAP utilities package (<a href="https://packages.debian.org/ldap-utils">\
 ldap-utils</a>) provides an utility called ldapsearch that can be used
 to execute direct queries to the database. This is done by supplying
 the following arguments to ldapsearch: <strong>-x -H
-ldap://db.debian.org -b dc=debian,dc=org</strong>. Alternatively, the
+ldaps://db.debian.org -b dc=debian,dc=org</strong>. Alternatively, the
 <strong>-H</strong> and <strong>-b</strong> options can be put in
 one's ~/.ldaprc, in the following form:
 </p><pre>
 [ dbharris@people: ~/ ]$ cat ~/.ldaprc
-HOST db.debian.org
+URI ldaps://db.debian.org
 BASE dc=debian,dc=org
 </pre>
 
@@ -47,7 +47,7 @@ return. If you only specify the query, but don't provide any attributes to
 return, all readable attributes are returned. While the example was quite
 simple, complex queries can be performed as well:
 </p><pre>
-[ dbharris@people: ~/ ]$ ldapsearch -x -H ldap://db.debian.org -b dc=debian,dc=org '(&amp;(!(loginshell=/bin/bash))(uid=*))' loginshell
+[ dbharris@people: ~/ ]$ ldapsearch -x -H ldaps://db.debian.org -b dc=debian,dc=org '(&amp;(!(loginshell=/bin/bash))(uid=*))' loginshell
 </pre>
 
 <p>
-- 
2.20.1