V-38625: If the system is using LDAP for authentication or account information, the system must use a TLS connection using FIPS 140-2 approved cryptographic algorithms.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The ssl directive specifies whether to use ssl or not. If not specified it
will default to "no". It should be set to "start_tls" rather than doing LDAP
over SSL.

Details: `V-38625 in STIG Viewer`_.

.. _V-38625 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38625

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38625.rst