forked from infra/ansible
Migrate LDAP from BKCA to Let's Encrypt
This commit is contained in:
parent
c0070e042b
commit
c6c91d7256
@ -2,7 +2,7 @@ DEBUG = True
|
||||
SECRET_KEY = "{{ dss_secret }}"
|
||||
SESSION_TIMEOUT = 3600
|
||||
|
||||
LDAP_CA = "/usr/local/share/ca-certificates/BKCA.crt"
|
||||
LDAP_CA = "/etc/ssl/certs/ca-certificates.crt"
|
||||
LDAP_URI = "ldaps://{{ ldap_host }}"
|
||||
LDAP_BASE = "{{ ldap_base }}"
|
||||
|
||||
|
@ -1,33 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIFuTCCA6GgAwIBAgIJANVP+EmgIyEFMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
|
||||
BAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRMwEQYDVQQHDApSZWdlbnNidXJnMRww
|
||||
GgYDVQQKDBNCaW5hcnkgS2l0Y2hlbiBlLlYuMR8wHQYDVQQDDBZCaW5hcnkgS2l0
|
||||
Y2hlbiBSb290IENBMB4XDTE1MDUyMjA3MDcyN1oXDTI1MDUxOTA3MDcyN1owczEL
|
||||
MAkGA1UEBhMCREUxEDAOBgNVBAgMB0JhdmFyaWExEzARBgNVBAcMClJlZ2Vuc2J1
|
||||
cmcxHDAaBgNVBAoME0JpbmFyeSBLaXRjaGVuIGUuVi4xHzAdBgNVBAMMFkJpbmFy
|
||||
eSBLaXRjaGVuIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
|
||||
AQCwBmbxYSdTH+Ti2UdjpLRbSjA4uMRjJpVus0IviOtjr5nbfx/uA4b+UuhU0FS6
|
||||
69vjuBeheu85SCQLZVA3If2qttlBNPvW8/WzQtmHqAK4jMGTIeD5PNH75bhIafMu
|
||||
LWz5nRcagWoKVeumi9dhFofuoO6uSv1BdSbwK3gYkt5guKl5Pio9HITSFP961ndQ
|
||||
n6dBLPvy4m+pJ6MZxhzaQIvxRr9uVRJieHH9Yl/CQcl2d1YQ24/KNiFFdF2NPyKE
|
||||
+eFl8UWl/6sHS8tqLwhs4qeJCL1ir/1bjr8mZigflBE4mwtuV8EDF0pWWOyYehii
|
||||
NLcS3LfLzv25N9mwhwGMJqLTDihtkcBCNx3c2qFrri1MvXy/KFrHKh2jt9pvgYDX
|
||||
M2+g+tm+aWXfylu6k1GOIByT5ALktUzhfwuxk0SdplZNUqSfu1DccvxP9hbtSZPP
|
||||
EnARbcTD/wOCSDj+nSG8scUIo3pNHddh0zx+W16kwBoNGHJX+g7vkMJikvYlHo2i
|
||||
6CRdx47MknCgj/jQSPlajxAH5zzDcABbFRoRKh/esDEeGaKMKVyKJJFlx4CmHQ53
|
||||
zc/jV3VjQo5yL1v3YUYllccZeXmGQb5UJoSRfpE+mvO9+EYAxWLydswNeQI1f1r8
|
||||
CTWlD4tT0gooZzGKpw58Zp3IacXIzjDT5Ri2xfB+Oo4WaQIDAQABo1AwTjAdBgNV
|
||||
HQ4EFgQU7MXazC3sn6xTIDkKtBv4AvYcob0wHwYDVR0jBBgwFoAU7MXazC3sn6xT
|
||||
IDkKtBv4AvYcob0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAq/fD
|
||||
BfaVi1KjRANxHKXmADqN0UpSdVoB2qKsj9nJ07fdS38rUqA+QjU+zmCufVkmMxKf
|
||||
es3qZz5fOHkVHAiOt65XWFtYK62JByr4LomLDVDWSM4BmbU4aB8ix9ZPOr+NmB4B
|
||||
QX99w0aMknO/ohVQ7InubgsXMaKA8kggCtpBQkfwcF2ntIGvyeuPJYwAWG19iH4a
|
||||
uAvOdgyDCuta6UI5UPCdYdArFv3hn6+ht60tMdxo1qq9KUlyqZ3AX1Xd4+krLlCI
|
||||
Kp+qfcyJ1igD5wT50egOAvc9SydFaXgAUIjt3oY5YYvP+MWmVMI107jl4jfMnQeI
|
||||
G5qIEy9luhrjqJaHfLHyT10IaU/uZB7ZvZx7ElIo1YlTlIcMU8Wg6CJponDh/1aw
|
||||
PbQhtuzk60N5905zDnpSHJSa91JcpVsLPv2ykQfimA8HNH2xS7ORXUJzwvEB1vhM
|
||||
KnGMQB0px7HQtTTCKcDFeqZXygi4nXNygrp+swnO869jV4e6ReeV/RB7nxjd307J
|
||||
gpRdtBbIambnFP74nJUhRk/60VlCDz92f+CTosHM6rdlOxFyX69cZZhoCFU5u4wF
|
||||
ODqfxRzNJPhChozXcciAcLfhx89x0ob92XQenzZzFtylDvUAskhdhTMFLKGHstH7
|
||||
Q8Xr0jNYp5PaGNC5m+m9ngLYe6GzxGol7dLJElc=
|
||||
-----END CERTIFICATE-----
|
@ -49,11 +49,8 @@
|
||||
- name: Set shell for root user
|
||||
user: name=root shell=/bin/zsh
|
||||
|
||||
- name: Create BKCA certificate directory
|
||||
file: path=/usr/local/share/ca-certificates state=directory
|
||||
|
||||
- name: Copy BKCA certificate
|
||||
copy: src=BKCA.crt dest=/usr/local/share/ca-certificates/BKCA.crt mode=0444
|
||||
- name: Remove BKCA certificate
|
||||
file: path=/usr/local/share/ca-certificates/BKCA.crt state=absent
|
||||
notify: update-ca-certificates
|
||||
|
||||
- name: Create LDAP client config
|
||||
|
@ -25,15 +25,3 @@
|
||||
with_items:
|
||||
- { src: '.zshrc', dest: '/root/.zshrc' }
|
||||
- { src: '.zshrc.local', dest: '/root/.zshrc.local' }
|
||||
|
||||
- name: Create BKCA certificate directory
|
||||
file: path="{{ item }}" state=directory
|
||||
loop:
|
||||
- "/etc/ssl/certs"
|
||||
- "/usr/local/etc/ssl/certs"
|
||||
|
||||
- name: Copy BKCA certificate
|
||||
copy: src=BKCA.crt dest="{{ item }}/BKCA.crt" mode=0444
|
||||
loop:
|
||||
- "/etc/ssl/certs"
|
||||
- "/usr/local/etc/ssl/certs"
|
||||
|
Loading…
Reference in New Issue
Block a user