From f70a7dbbdd984a894b61983f0c3621a8fc62edaa Mon Sep 17 00:00:00 2001
From: Markus Hauschild <markus@moepman.eu>
Date: Thu, 3 Mar 2016 08:19:18 +0100
Subject: [PATCH] Postfix should check the LDAP certficate as well.

---
 roles/mail/templates/postfix/ldap-aliases.cf.j2      | 4 ++--
 roles/mail/templates/postfix/ldap-virtual-maps.cf.j2 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/mail/templates/postfix/ldap-aliases.cf.j2 b/roles/mail/templates/postfix/ldap-aliases.cf.j2
index 696ef38..589885d 100644
--- a/roles/mail/templates/postfix/ldap-aliases.cf.j2
+++ b/roles/mail/templates/postfix/ldap-aliases.cf.j2
@@ -1,6 +1,6 @@
 server_host = {{ ldap_uri }}
-#tls_ca_cert_file = TODO
-#tls_require_cert = yes
+tls_ca_cert_file = {{ ldap_ca }}
+tls_require_cert = yes
 bind = yes
 bind_dn = {{ ldap_binddn }}
 bind_pw = {{ ldap_bindpw }}
diff --git a/roles/mail/templates/postfix/ldap-virtual-maps.cf.j2 b/roles/mail/templates/postfix/ldap-virtual-maps.cf.j2
index b648fc1..0bd9d3a 100644
--- a/roles/mail/templates/postfix/ldap-virtual-maps.cf.j2
+++ b/roles/mail/templates/postfix/ldap-virtual-maps.cf.j2
@@ -1,6 +1,6 @@
 server_host = {{ ldap_uri }}
-#tls_ca_cert_file = TODO
-#tls_require_cert = yes
+tls_ca_cert_file = {{ ldap_ca }}
+tls_require_cert = yes
 bind = yes
 bind_dn = {{ ldap_binddn }}
 bind_pw = {{ ldap_bindpw }}