TLSCipherSuite         { $ldap{CipherSuite} || $modSSL{CipherSuite} || 'ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:HIGH@STRENGTH:!SSLv2:!ADH:!aNULL:!MD5:!RC4' }
TLSProtocolMin         { my $TLSProtocolMin = $ldap{TLSProtocolMin} || 'TLSv1.2';
if ( $TLSProtocolMin eq 'SSLv3' ){
        $OUT = " 3.0";
} elsif ( $TLSProtocolMin eq 'TLSv1.0' || $TLSProtocolMin eq 'TLSv1' ){
        $OUT = " 3.1";
} elsif ( $TLSProtocolMin eq 'TLSv1.1' ){
        $OUT = " 3.2";
} elsif ( $TLSProtocolMin eq 'TLSv1.2' ){
        $OUT = " 3.3";
}
}
TLSCACertificateFile   /etc/openldap/ssl/slapd.pem
TLSCertificateFile     /etc/openldap//ssl/slapd.pem
TLSCertificateKeyFile  /etc/openldap/ssl/slapd.pem
TLSVerifyClient        never