Files @ 814be5def61d

Location: majic-ansible-roles/roles/mail_server/templates/dovecot-ldap.conf.ext.j2 - annotation

branko
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:

- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
# Dovecot LDAP lookup settings (passdb/userdb), rendered from a Jinja2 template.
# NOTE(review): the rendered file carries the service account password in
# clear text (dnpass below); confirm the task deploying this template sets an
# owner and mode that keep it unreadable to ordinary local users.

# LDAP server(s) to contact; value supplied by the role variable.
uris = {{ mail_ldap_url }}
# Dedicated service account that Dovecot uses for its directory searches.
dn = cn=dovecot,ou=services,{{ mail_ldap_base_dn }}
dnpass = {{ mail_ldap_dovecot_password }}
# Upgrade the connection with StartTLS before any credentials are sent.
# NOTE(review): this is meant for ldap:// URIs; verify mail_ldap_url is not
# an ldaps:// URI, where StartTLS does not apply.
tls = yes
# Validate the server certificate against this truststore only, and refuse
# the connection when validation fails (demand), so a server presenting an
# untrusted certificate is never sent the bind password.
tls_ca_cert_file = /etc/ssl/certs/mail_ldap_tls_truststore.pem
tls_require_cert = demand
# Verify user passwords by binding to the directory as the user instead of
# comparing password hashes inside Dovecot.
auth_bind = yes
# Search only the immediate children of ou=people.
base = ou=people,{{ mail_ldap_base_dn }}
scope = onelevel
# A login is accepted only for an inetOrgPerson entry whose mail attribute
# equals the supplied username (%u) and which is a member of the mail group.
# NOTE(review): this relies on the directory maintaining memberOf on user
# entries; confirm the LDAP server role enables that.
user_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }}))
# NOTE(review): with auth_bind = yes the userPassword mapping here (and
# default_pass_scheme further down) is presumably unused; if so, dropping it
# would let the dovecot service account run without read access to password
# hashes. Confirm against the directory ACLs before changing.
pass_attrs = mail=user,userPassword=password
# Same membership restriction as user_filter, applied to password lookups.
pass_filter = (&(objectClass=inetOrgPerson)(mail=%u)(memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }}))
# User enumeration returns the mail attribute of every member of the mail group.
iterate_attrs = mail=user
iterate_filter = (memberOf=cn=mail,ou=groups,{{ mail_ldap_base_dn }})
default_pass_scheme = SSHA
# No userdb fields are taken from LDAP; presumably home/uid/gid are set
# elsewhere in the Dovecot configuration - TODO confirm.
user_attrs =