From d969b11020253ede6e8cf5cfa42ce21ab5791081 Mon Sep 17 00:00:00 2001
From: Paul Wise
Date: Mon, 15 Aug 2016 15:58:58 +0800
Subject: [PATCH 1/1] Suggest using TLS when connecting to LDAP directly
Avoids manipulation of information by the network.
---
html/doc-direct.wml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/html/doc-direct.wml b/html/doc-direct.wml
index da7912a..2a08180 100644
--- a/html/doc-direct.wml
+++ b/html/doc-direct.wml
@@ -17,12 +17,12 @@ The LDAP utilities package (\
ldap-utils) provides an utility called ldapsearch that can be used
to execute direct queries to the database. This is done by supplying
the following arguments to ldapsearch: -x -H
-ldap://db.debian.org -b dc=debian,dc=org. Alternatively, the
+ldaps://db.debian.org -b dc=debian,dc=org. Alternatively, the
-H and -b options can be put in
one's ~/.ldaprc, in the following form:
[ dbharris@people: ~/ ]$ cat ~/.ldaprc
-HOST db.debian.org
+URI ldaps://db.debian.org
BASE dc=debian,dc=org
@@ -47,7 +47,7 @@ return. If you only specify the query, but don't provide any attributes to
return, all readable attributes are returned. While the example was quite
simple, complex queries can be performed as well:
-[ dbharris@people: ~/ ]$ ldapsearch -x -H ldap://db.debian.org -b dc=debian,dc=org '(&(!(loginshell=/bin/bash))(uid=*))' loginshell
+[ dbharris@people: ~/ ]$ ldapsearch -x -H ldaps://db.debian.org -b dc=debian,dc=org '(&(!(loginshell=/bin/bash))(uid=*))' loginshell
--
2.20.1