SSL support when talking to ADS

1 files changed, 11 insertions, 2 deletions

diff --git a/config/config.example b/config/config.example
index 6ad38a6..574d328 100644
--- a/config/config.example
+++ b/config/config.example
@@ -1,3 +1,4 @@
+# Configure an ADS we proxy. hostname will be the section name
 [dc0.example.com]
 # bind DN towards this AD if client doesn't specify one
 binddn=CN=blabla,OU=Foo,DC=public,DC=ads,DC=example,DC=com
@@ -7,7 +8,15 @@ bindpw=geheim
 base=DC=public,DC=ads,DC=example,DC=com
 # optional: template for home directory mount point to pass to client. use %s as the users account name. only used if AD doesn't supply the homeDirectory attribute (or it doesn't contain a UNC path)
 home=\\windows-server\users\%s
-# For using SSL between client and proxy, uncomment these. For plaintext, remove or comment out
+# Set this to use SSL when talking to the ADS. SSL is not enabled by default, so make sure your ADS has it.
+fingerprint=76:EC:9D:18:99:0D:8F:E1:99:D2:07:09:48:DF:82:4F:28:47:32:14
+# Optinally set remote port. Default is 3268 for plain connection, 636 for SSL connection.
+port=6666
+
+# Configure the proxy)
+[local]
+# Local TCP port to listen on
+port=1234
+# For using SSL between client and proxy, set these. For plaintext, remove or comment out
 cert=/my/cert.pem
 privkey=/my/privatekey.pem
-