Files
@ 814be5def61d
Branch filter:
Location: majic-ansible-roles/roles/ldap_server/defaults/main.yml - annotation
814be5def61d
1010 B
text/x-yaml
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
99edcba90842 99edcba90842 c082a26b62ff 99edcba90842 99edcba90842 99edcba90842 99edcba90842 99edcba90842 99edcba90842 9f804c9501da 9f804c9501da 99edcba90842 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 55dd00900508 63d26c0b3d86 430eb250e244 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 | ---
enable_backup: false
ldap_entries: []
# Internal value, base DN.
ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
ldap_server_organization: "Private"
ldap_server_log_level: 256
ldap_server_ssf: 128
ldap_server_consumers: []
ldap_server_groups: []
ldap_permissions:
- >
to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by dn="cn=admin,{{ ldap_server_int_basedn }}" manage
by * break
- >
to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by * none
- >
to dn.base=""
by * read
- >
to *
by self write
by dn="cn=admin,{{ ldap_server_int_basedn }}" write
by users read
by * none
ldap_tls_ciphers: "NONE:\
+VERS-TLS1.2:\
+CTYPE-X509:\
+COMP-NULL:\
+SIGN-RSA-SHA256:\
+SIGN-RSA-SHA384:\
+SIGN-RSA-SHA512:\
+DHE-RSA:\
+ECDHE-RSA:\
+SHA256:\
+SHA384:\
+SHA512:\
+AEAD:\
+AES-128-GCM:\
+AES-256-GCM:\
+CHACHA20-POLY1305:\
+CURVE-ALL"
|