fablab-nea/labsync
1
0
Fork 0
Code Issues 11 Pull requests 2 Projects Releases Packages Wiki Activity Actions

FIXME: add self signed cert

Browse source
This commit is contained in:
Simon Bruder 2018-05-19 22:40:45 +00:00
parent b5099fd4a9
commit af42dc6380
No known key found for this signature in database
GPG key ID: 6F03E0000CC5B62F
4 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

23
packer/ansible/roles/auth/files/ldapca.pem Normal file
View file

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID5jCCAs6gAwIBAgIJAPtqBuTAclYRMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD
VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEWMBQGA1UEBwwNQmFkIFdpbmRzaGVp
bTETMBEGA1UECgwKRmFiTGFiIE5FQTEWMBQGA1UEAwwNZmFibGFiLW5lYS5kZTEh
MB8GCSqGSIb3DQEJARYSaW5mb0BmYWJsYWItbmVhLmRlMB4XDTE4MDUxNzE3NDIz
OFoXDTI4MDIxNDE3NDIzOFowgYcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZh
cmlhMRYwFAYDVQQHDA1CYWQgV2luZHNoZWltMRMwEQYDVQQKDApGYWJMYWIgTkVB
MRYwFAYDVQQDDA1mYWJsYWItbmVhLmRlMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGZh
YmxhYi1uZWEuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD8ldQ
/azjfG6yUPi86f9adQxy4kV/MjSu+VViHILPBYwByB9FpJ9vp6kpTZpWpRk1NHqS
YYc4MwYNo/bi2hO+b6ZP3D5OGnLdud6X0zHAH9751Svw/4y9CY5a/WrAp/TND7M0
wpi7SpyMJdJpuPGa53s6hGjIfcFwpF4TJD3UJJZsXghsOsKpq13JRiERZ1BGOJJD
HPzr6BdWdH40IakNa7PS+ZFdHJ2qTTBinZIjc4lOe5WRK6ZmAB5kZpv3h8vxgpqu
E6c0IlBu8U+0yQXdxhw98xJ5jwknANROaEWSBqR8tD1LAIARAEbTYWmkmdULnPz3
Kq86PzZ9ac/vh86TAgMBAAGjUzBRMB0GA1UdDgQWBBRESu5pvADeGZ5BRGep+5g0
OkulezAfBgNVHSMEGDAWgBRESu5pvADeGZ5BRGep+5g0OkulezAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCF5nZ/FORMg9ug+kAWTT4NQMt7YALg
VCYWg34xWLU7Tk9O6yAoa5O+SABYXIr0oNU7mdqZPeOKTNpOQOeg1RyXB74g3wrP
gKRjbG3vWG53FLuNfeEhC0hC1ThFy2mXsIvgW0Q+29PoCeipT8Q62/UDx4CZkZBO
uVJ+jjl7WH/MJJWMJXCxDvqyM12MqlLCkfxiVnRD5XNHRRoVK3gHI07FVnTVEjIb
SQCsn1DtCJG27xbizLuf1ipYwLvLm+zPKBs6pVqqT6oDbgltaDqzg1dvAZuk4XX8
DcW65+UEiDe7xXmYUREj0E7FvCNHNY2xZPHGEUUbIOvNZmj836gS1/fR
-----END CERTIFICATE-----

6
packer/ansible/roles/auth/tasks/ldap.yml
View file

@ -4,6 +4,12 @@
name: "libnss-ldapd"
state: present
# TODO: remove this step and switch to Lets encrypt
- name: add ldap ca cert
copy:
src: ldapca.pem
dest: /etc/ssl/certs/ldapca.pem
- name: add ldap global config
template:
src: ldap.conf.j2

4
packer/ansible/roles/auth/templates/ldap.conf.j2
View file

@ -4,3 +4,7 @@ URI {{ auth.ldap.protocol }}://{{ auth.ldap.server }}
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates
# TODO: replace/omit to use system bundle and Lets encrypt
TLS_CACERT /etc/ssl/certs/ldapca.pem

2
packer/ansible/roles/auth/templates/nslcd.conf.j2
View file

@ -21,6 +21,8 @@ base {{ auth.ldap.base }}
# SSL options
ssl start_tls
#tls_reqcert never
# TODO: replace with system bundle for Lets encrypt usage
tls_cacertfile /etc/ssl/certs/ldapca.pem
# The search scope.
#scope sub