Deploy sane ldap.conf for ldap clients.

Markus 2016-04-06 09:50:00 +02:00
parent 1f11072d0f
commit 07ca697e63
2 changed files with 20 additions and 0 deletions


@ -38,5 +38,8 @@
- name: Create LDAP certificate directory - name: Create LDAP certificate directory
file: path=/etc/ldap/ssl state=directory file: path=/etc/ldap/ssl state=directory
- name: Create LDAP client config
template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf mode=0644
- name: Copy LDAP certificate - name: Copy LDAP certificate
copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444 copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444
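Review bot: The new `Create LDAP client config` task sets `mode=0644` but no owner or group, so who may write /etc/ldap/ldap.conf depends on the become user and, if the file already exists, possibly on its current owner. This file decides which server and CA every LDAP client on the host trusts, so I would pin it: `template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644`. The task also runs before `Copy LDAP certificate`, so on a first run the config briefly names a CA file that is not there yet; moving it after the copy task avoids that. The task list continues outside the hunk.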


@ -0,0 +1,17 @@
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE {{ ldap_base }}
URI {{ ldap_uri }}
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ldap/ssl/BKCA.crt
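Review bot: The template sets TLS_CACERT, but nothing in it requires TLS; whether clients get an encrypted channel depends entirely on the scheme that `{{ ldap_uri }}` renders to, which this commit does not show. With an `ldap://` URI the CA file is only consulted when a client explicitly requests StartTLS, and binds can otherwise go over the network in cleartext. I would add a comment above URI such as `# ldap_uri must be an ldaps:// URI, or clients must use StartTLS`. I would also add `TLS_REQCERT demand` below TLS_CACERT, so that the certificate verification policy is stated in the file rather than inherited from the library default.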