Fix ldap-server (confirmed working on debian).

This commit is contained in:
Markus 2016-03-24 11:43:40 +01:00
parent 283a1154a9
commit 5d3282d567
6 changed files with 25 additions and 9 deletions

View File

@ -1,6 +1,6 @@
--- ---
ldap_ca: /etc/BKCA.crt ldap_ca: /etc/ldap/ssl/BKCA.crt
ldap_uri: ldaps://ldap.binary.kitchen/ ldap_uri: ldaps://ldap.binary.kitchen/
ldap_host: ldap.binary.kitchen ldap_host: ldap.binary.kitchen
ldap_base: dc=binary-kitchen,dc=de ldap_base: dc=binary-kitchen,dc=de

View File

@ -18,6 +18,7 @@
with_items: with_items:
- dnsutils - dnsutils
- htop - htop
- openssl
- pydf - pydf
- sudo - sudo
- vim-nox - vim-nox
@ -34,5 +35,8 @@
- name: Set shell for root user - name: Set shell for root user
user: name=root shell=/bin/zsh user: name=root shell=/bin/zsh
- name: Create LDAP certificate directory
file: path=/etc/ldap/ssl state=directory
- name: Copy LDAP certificate - name: Copy LDAP certificate
copy: src=BKCA.crt dest=/etc/BKCA.crt copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444

View File

@ -26,5 +26,8 @@
- { src: '.zshrc.local', dest: '/root/.zshrc.local' } - { src: '.zshrc.local', dest: '/root/.zshrc.local' }
- { src: 'prompt_gentoo_setup', dest: '/usr/local/share/zsh/5.2/functions/Prompts/prompt_gentoo_setup' } - { src: 'prompt_gentoo_setup', dest: '/usr/local/share/zsh/5.2/functions/Prompts/prompt_gentoo_setup' }
- name: Create LDAP certificate directory
file: path=/etc/ldap/ssl state=directory
- name: Copy LDAP certificate - name: Copy LDAP certificate
copy: src=BKCA.crt dest=/etc/BKCA.crt copy: src=BKCA.crt dest=/etc/ldap/ssl/BKCA.crt mode=0444

View File

@ -6,12 +6,17 @@
# attribute type definitions # attribute type definitions
attributetype ( 23.42.1.1 NAME 'mailAlternateAddress' attributetype ( 23.42.1.1 NAME 'mailAlternateAddress'
DESC 'Secondary (alias) Aail Address' SUBSTR caseIgnoreSubstringsMatch
SUP mail ) DESC 'Secondary (alias) mailaddresses for the same user'
EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 23.42.1.2 NAME 'rewMailAddress' attributetype ( 23.42.1.2 NAME 'rewMailAddress'
SUBSTR caseIgnoreSubstringsMatch
DESC 'Rewritten Mail Address' DESC 'Rewritten Mail Address'
SUP mail ) EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
# object class definitions # object class definitions
@ -19,5 +24,4 @@ objectclass ( 23.42.2.1 NAME 'kitchenUser'
DESC 'Binary Kitchen User' DESC 'Binary Kitchen User'
SUP top AUXILIARY SUP top AUXILIARY
MUST ( mail $ uid ) MUST ( mail $ uid )
MAY ( mailAlternateAddress $ rewMailAddress ) MAY ( mailAlternateAddress $ rewMailAddress ) )
)

View File

@ -26,6 +26,11 @@
notify: Restart slapd notify: Restart slapd
tags: ldap tags: ldap
- name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ldap/ssl/ldapm.key -out /etc/ldap/ssl/ldapm.crt -days 730 -subj "/CN=ldapm.binary.kitchen" creates=/etc/ldap/ssl/ldapm.crt
notify: Restart slapd
tags: nginx
- name: Start slapd - name: Start slapd
service: name=slapd state=started enabled=yes service: name=slapd state=started enabled=yes
tags: ldap tags: ldap

View File

@ -62,7 +62,7 @@ access to *
TLSCertificateFile /etc/ldap/ssl/ldapm.crt TLSCertificateFile /etc/ldap/ssl/ldapm.crt
TLSCertificateKeyFile /etc/ldap/ssl/ldapm.key TLSCertificateKeyFile /etc/ldap/ssl/ldapm.key
TLSCACertificateFile {{ ldap_ca }} TLSCACertificateFile {{ ldap_ca }}
TLSCipherSuite TLSv1+RSA:!NULL TLSCipherSuite NORMAL
TLSVerifyClient never TLSVerifyClient never