FIXME: add self signed cert
This commit is contained in:
parent
b5099fd4a9
commit
af42dc6380
4 changed files with 35 additions and 0 deletions
23
packer/ansible/roles/auth/files/ldapca.pem
Normal file
23
packer/ansible/roles/auth/files/ldapca.pem
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIID5jCCAs6gAwIBAgIJAPtqBuTAclYRMA0GCSqGSIb3DQEBCwUAMIGHMQswCQYD
|
||||||
|
VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEWMBQGA1UEBwwNQmFkIFdpbmRzaGVp
|
||||||
|
bTETMBEGA1UECgwKRmFiTGFiIE5FQTEWMBQGA1UEAwwNZmFibGFiLW5lYS5kZTEh
|
||||||
|
MB8GCSqGSIb3DQEJARYSaW5mb0BmYWJsYWItbmVhLmRlMB4XDTE4MDUxNzE3NDIz
|
||||||
|
OFoXDTI4MDIxNDE3NDIzOFowgYcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZh
|
||||||
|
cmlhMRYwFAYDVQQHDA1CYWQgV2luZHNoZWltMRMwEQYDVQQKDApGYWJMYWIgTkVB
|
||||||
|
MRYwFAYDVQQDDA1mYWJsYWItbmVhLmRlMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGZh
|
||||||
|
YmxhYi1uZWEuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD8ldQ
|
||||||
|
/azjfG6yUPi86f9adQxy4kV/MjSu+VViHILPBYwByB9FpJ9vp6kpTZpWpRk1NHqS
|
||||||
|
YYc4MwYNo/bi2hO+b6ZP3D5OGnLdud6X0zHAH9751Svw/4y9CY5a/WrAp/TND7M0
|
||||||
|
wpi7SpyMJdJpuPGa53s6hGjIfcFwpF4TJD3UJJZsXghsOsKpq13JRiERZ1BGOJJD
|
||||||
|
HPzr6BdWdH40IakNa7PS+ZFdHJ2qTTBinZIjc4lOe5WRK6ZmAB5kZpv3h8vxgpqu
|
||||||
|
E6c0IlBu8U+0yQXdxhw98xJ5jwknANROaEWSBqR8tD1LAIARAEbTYWmkmdULnPz3
|
||||||
|
Kq86PzZ9ac/vh86TAgMBAAGjUzBRMB0GA1UdDgQWBBRESu5pvADeGZ5BRGep+5g0
|
||||||
|
OkulezAfBgNVHSMEGDAWgBRESu5pvADeGZ5BRGep+5g0OkulezAPBgNVHRMBAf8E
|
||||||
|
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCF5nZ/FORMg9ug+kAWTT4NQMt7YALg
|
||||||
|
VCYWg34xWLU7Tk9O6yAoa5O+SABYXIr0oNU7mdqZPeOKTNpOQOeg1RyXB74g3wrP
|
||||||
|
gKRjbG3vWG53FLuNfeEhC0hC1ThFy2mXsIvgW0Q+29PoCeipT8Q62/UDx4CZkZBO
|
||||||
|
uVJ+jjl7WH/MJJWMJXCxDvqyM12MqlLCkfxiVnRD5XNHRRoVK3gHI07FVnTVEjIb
|
||||||
|
SQCsn1DtCJG27xbizLuf1ipYwLvLm+zPKBs6pVqqT6oDbgltaDqzg1dvAZuk4XX8
|
||||||
|
DcW65+UEiDe7xXmYUREj0E7FvCNHNY2xZPHGEUUbIOvNZmj836gS1/fR
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -4,6 +4,12 @@
|
||||||
name: "libnss-ldapd"
|
name: "libnss-ldapd"
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
# TODO: remove this step and switch to Let’s encrypt
|
||||||
|
- name: add ldap ca cert
|
||||||
|
copy:
|
||||||
|
src: ldapca.pem
|
||||||
|
dest: /etc/ssl/certs/ldapca.pem
|
||||||
|
|
||||||
- name: add ldap global config
|
- name: add ldap global config
|
||||||
template:
|
template:
|
||||||
src: ldap.conf.j2
|
src: ldap.conf.j2
|
||||||
|
|
|
||||||
|
|
@ -4,3 +4,7 @@ URI {{ auth.ldap.protocol }}://{{ auth.ldap.server }}
|
||||||
#SIZELIMIT 12
|
#SIZELIMIT 12
|
||||||
#TIMELIMIT 15
|
#TIMELIMIT 15
|
||||||
#DEREF never
|
#DEREF never
|
||||||
|
|
||||||
|
# TLS certificates
|
||||||
|
# TODO: replace/omit to use system bundle and Let’s encrypt
|
||||||
|
TLS_CACERT /etc/ssl/certs/ldapca.pem
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,8 @@ base {{ auth.ldap.base }}
|
||||||
# SSL options
|
# SSL options
|
||||||
ssl start_tls
|
ssl start_tls
|
||||||
#tls_reqcert never
|
#tls_reqcert never
|
||||||
|
# TODO: replace with system bundle for Let’s encrypt usage
|
||||||
|
tls_cacertfile /etc/ssl/certs/ldapca.pem
|
||||||
|
|
||||||
# The search scope.
|
# The search scope.
|
||||||
#scope sub
|
#scope sub
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue