kishi/infra
1
0
Fork 0
forked from infra/ansible
Code Releases Activity

Make LDAP CA cert file a variable.

Browse Source
This commit is contained in:
Markus 2016-03-03 08:14:43 +01:00
parent 4f5558528e
commit 1cdb5750dc
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
group_vars/all
View File

@ -1,5 +1,6 @@
--- ---
ldap_ca: /etc/ssl/BKCA.crt
ldap_uri: ldaps://ldap.binary.kitchen/ ldap_uri: ldaps://ldap.binary.kitchen/
ldap_host: ldap.binary.kitchen ldap_host: ldap.binary.kitchen
ldap_base: dc=binary-kitchen,dc=de ldap_base: dc=binary-kitchen,dc=de

2
roles/ldap-client/templates/nslcd.conf.j2
View File

@ -32,4 +32,4 @@ base shadow {{ nslcd_base_shadow }}
# SSL options # SSL options
tls_reqcert demand tls_reqcert demand
tls_cacertfile /etc/ssl/BKCA.crt tls_cacertfile {{ ldap_ca }}

4
roles/mail/templates/dovecot/dovecot-ldap.conf.ext.j2
View File

@ -45,14 +45,14 @@ dnpass = {{ ldap_bindpw }}
# Use TLS to connect to the LDAP server. # Use TLS to connect to the LDAP server.
tls = yes tls = yes
# TLS options, currently supported only with OpenLDAP: # TLS options, currently supported only with OpenLDAP:
#tls_ca_cert_file = TODO tls_ca_cert_file = {{ ldap_ca }}
#tls_ca_cert_dir = #tls_ca_cert_dir =
#tls_cipher_suite = #tls_cipher_suite =
# TLS cert/key is used only if LDAP server requires a client certificate. # TLS cert/key is used only if LDAP server requires a client certificate.
#tls_cert_file = #tls_cert_file =
#tls_key_file = #tls_key_file =
# Valid values: never, hard, demand, allow, try # Valid values: never, hard, demand, allow, try
#tls_require_cert = TODO tls_require_cert = demand
# Use the given ldaprc path. # Use the given ldaprc path.
#ldaprc_path = #ldaprc_path =