Have ldap-server offer ldaps connections.
parent
157577dfcb
commit
749991b39a
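--- a/roles/ldap-server/files/slapd
+++ b/roles/ldap-server/files/slapd
@@ -0,0 +1,45 @@
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work). Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work). Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab). To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""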
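Review bot: `SLAPD_SERVICES` now opens `ldaps:///` on every interface, but nothing visible on this page configures the certificate side of that listener. Unless `slapd.conf.j2` already sets `TLSCertificateFile`, `TLSCertificateKeyFile` and `TLSCACertificateFile` outside the hunk shown here, port 636 will accept connections and then fail the TLS handshake; this is worth confirming, along with the private key being readable only by the `openldap` account. The `# Example usage:` comment is now an exact copy of the live value, so I would replace it with one that states the intent, e.g. `# Plain ldap:// is bound to loopback only; remote clients must use ldaps://.`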
@ -21,6 +21,10 @@
|
|||||||
notify: Restart slapd
|
notify: Restart slapd
|
||||||
tags: ldap
|
tags: ldap
|
||||||
|
|
||||||
|
- name: Configure slapd (init script)
|
||||||
|
copy: src=slapd dest=/etc/default/slapd
|
||||||
|
tags: ldap
|
||||||
|
|
||||||
- name: Configure slapd
|
- name: Configure slapd
|
||||||
template: src=slapd.conf.j2 dest=/etc/ldap/slapd.conf
|
template: src=slapd.conf.j2 dest=/etc/ldap/slapd.conf
|
||||||
notify: Restart slapd
|
notify: Restart slapd
|
||||||
|
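Review bot: The new `Configure slapd (init script)` task has no `notify: Restart slapd`, although the tasks on either side of it do, so a change to the listener list in `/etc/default/slapd` is not applied until something else restarts the daemon. Add `notify: Restart slapd` to the task. The `copy` also leaves ownership and permissions to defaults; stating them, as in `copy: src=slapd dest=/etc/default/slapd owner=root group=root mode=0644`, keeps a file that the init script reads from drifting. The task list continues outside the hunk.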
@ -49,6 +49,9 @@ access to attrs=userPassword
|
|||||||
by self write
|
by self write
|
||||||
by anonymous auth
|
by anonymous auth
|
||||||
by * none
|
by * none
|
||||||
|
access to attrs=loginShell
|
||||||
|
by self write
|
||||||
|
by * none
|
||||||
access to *
|
access to *
|
||||||
by self read
|
by self read
|
||||||
by users read
|
by users read
|
||||||
|
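Review bot: `by self write` on `loginShell` is unconstrained, so any bound user can set the attribute to whatever the schema syntax accepts, including an account that was deliberately limited by giving it a non-interactive or restricted shell. If self-service shell changes are intended, consider restricting the allowed values (slapd's constraint overlay can do this) or have login hosts check the value against their own list of permitted shells; otherwise drop the self-write clause. `by * none` also hides the attribute from every identity other than the entry itself, unlike the `by users read` granted under `access to *` just below, so NSS-style lookups that do not bind as the user will see no shell. If that is not intended, add `by users read` before `by * none`. A short comment above the rule saying why `loginShell` gets its own ACL would help the next reader; the ACL list continues outside the hunk.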