Make LDAP CA cert file a variable.
This commit is contained in:
parent
4f5558528e
commit
1cdb5750dc
@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
|
ldap_ca: /etc/ssl/BKCA.crt
|
||||||
ldap_uri: ldaps://ldap.binary.kitchen/
|
ldap_uri: ldaps://ldap.binary.kitchen/
|
||||||
ldap_host: ldap.binary.kitchen
|
ldap_host: ldap.binary.kitchen
|
||||||
ldap_base: dc=binary-kitchen,dc=de
|
ldap_base: dc=binary-kitchen,dc=de
|
||||||
|
@ -32,4 +32,4 @@ base shadow {{ nslcd_base_shadow }}
|
|||||||
|
|
||||||
# SSL options
|
# SSL options
|
||||||
tls_reqcert demand
|
tls_reqcert demand
|
||||||
tls_cacertfile /etc/ssl/BKCA.crt
|
tls_cacertfile {{ ldap_ca }}
|
||||||
|
@ -45,14 +45,14 @@ dnpass = {{ ldap_bindpw }}
|
|||||||
# Use TLS to connect to the LDAP server.
|
# Use TLS to connect to the LDAP server.
|
||||||
tls = yes
|
tls = yes
|
||||||
# TLS options, currently supported only with OpenLDAP:
|
# TLS options, currently supported only with OpenLDAP:
|
||||||
#tls_ca_cert_file = TODO
|
tls_ca_cert_file = {{ ldap_ca }}
|
||||||
#tls_ca_cert_dir =
|
#tls_ca_cert_dir =
|
||||||
#tls_cipher_suite =
|
#tls_cipher_suite =
|
||||||
# TLS cert/key is used only if LDAP server requires a client certificate.
|
# TLS cert/key is used only if LDAP server requires a client certificate.
|
||||||
#tls_cert_file =
|
#tls_cert_file =
|
||||||
#tls_key_file =
|
#tls_key_file =
|
||||||
# Valid values: never, hard, demand, allow, try
|
# Valid values: never, hard, demand, allow, try
|
||||||
#tls_require_cert = TODO
|
tls_require_cert = demand
|
||||||
|
|
||||||
# Use the given ldaprc path.
|
# Use the given ldaprc path.
|
||||||
#ldaprc_path =
|
#ldaprc_path =
|
||||||
|
Loading…
Reference in New Issue
Block a user