Have ldap-server offer ldaps connections.
This commit is contained in:
parent
157577dfcb
commit
749991b39a
|
|
@ -0,0 +1,45 @@
|
|||
# Default location of the slapd.conf file or slapd.d cn=config directory. If
|
||||
# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
|
||||
# /etc/ldap/slapd.conf).
|
||||
SLAPD_CONF=
|
||||
|
||||
# System account to run the slapd server under. If empty the server
|
||||
# will run as root.
|
||||
SLAPD_USER="openldap"
|
||||
|
||||
# System group to run the slapd server under. If empty the server will
|
||||
# run in the primary group of its user.
|
||||
SLAPD_GROUP="openldap"
|
||||
|
||||
# Path to the pid file of the slapd server. If not set the init.d script
|
||||
# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
|
||||
# default)
|
||||
SLAPD_PIDFILE=
|
||||
|
||||
# slapd normally serves ldap only on all TCP-ports 389. slapd can also
|
||||
# service requests on TCP-port 636 (ldaps) and requests via unix
|
||||
# sockets.
|
||||
# Example usage:
|
||||
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
|
||||
SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
|
||||
|
||||
# If SLAPD_NO_START is set, the init script will not start or restart
|
||||
# slapd (but stop will still work). Uncomment this if you are
|
||||
# starting slapd via some other means or if you don't want slapd normally
|
||||
# started at boot.
|
||||
#SLAPD_NO_START=1
|
||||
|
||||
# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
|
||||
# the init script will not start or restart slapd (but stop will still
|
||||
# work). Use this for temporarily disabling startup of slapd (when doing
|
||||
# maintenance, for example, or through a configuration management system)
|
||||
# when you don't want to edit a configuration file.
|
||||
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
|
||||
|
||||
# For Kerberos authentication (via SASL), slapd by default uses the system
|
||||
# keytab file (/etc/krb5.keytab). To use a different keytab file,
|
||||
# uncomment this line and change the path.
|
||||
#export KRB5_KTNAME=/etc/krb5.keytab
|
||||
|
||||
# Additional options to pass to slapd
|
||||
SLAPD_OPTIONS=""
|
||||
|
|
@ -21,6 +21,10 @@
|
|||
notify: Restart slapd
|
||||
tags: ldap
|
||||
|
||||
- name: Configure slapd (init script)
|
||||
copy: src=slapd dest=/etc/default/slapd
|
||||
tags: ldap
|
||||
|
||||
- name: Configure slapd
|
||||
template: src=slapd.conf.j2 dest=/etc/ldap/slapd.conf
|
||||
notify: Restart slapd
|
||||
|
|
|
|||
|
|
@ -49,6 +49,9 @@ access to attrs=userPassword
|
|||
by self write
|
||||
by anonymous auth
|
||||
by * none
|
||||
access to attrs=loginShell
|
||||
by self write
|
||||
by * none
|
||||
access to *
|
||||
by self read
|
||||
by users read
|
||||
|
|
|
|||
Loading…
Reference in New Issue