Files
@ a718023f9e76
Branch filter:
Location: majic-ansible-roles/roles/ldap_server/defaults/main.yml - annotation
a718023f9e76
1010 B
text/x-yaml
MAR-181: Drop support for Debian 9 Stretch from the backup_client role:
- Provide more details on use of pexpect+sftp backed for
Duplicity (backend has to be used on Debian 10 Buster as well, not
just Debian 9 Stretch).
- Switch to using IPs from VirtualBox default allowed host-only
network subnets.
- Provide more details on use of pexpect+sftp backed for
Duplicity (backend has to be used on Debian 10 Buster as well, not
just Debian 9 Stretch).
- Switch to using IPs from VirtualBox default allowed host-only
network subnets.
99edcba90842 99edcba90842 c082a26b62ff 99edcba90842 99edcba90842 99edcba90842 99edcba90842 99edcba90842 99edcba90842 9f804c9501da 9f804c9501da 99edcba90842 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 55dd00900508 63d26c0b3d86 430eb250e244 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 2e3af1a245a5 | ---
enable_backup: false
ldap_entries: []
# Internal value, base DN.
ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
ldap_server_organization: "Private"
ldap_server_log_level: 256
ldap_server_ssf: 128
ldap_server_consumers: []
ldap_server_groups: []
ldap_permissions:
- >
to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by dn="cn=admin,{{ ldap_server_int_basedn }}" manage
by * break
- >
to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by * none
- >
to dn.base=""
by * read
- >
to *
by self write
by dn="cn=admin,{{ ldap_server_int_basedn }}" write
by users read
by * none
ldap_tls_ciphers: "NONE:\
+VERS-TLS1.2:\
+CTYPE-X509:\
+COMP-NULL:\
+SIGN-RSA-SHA256:\
+SIGN-RSA-SHA384:\
+SIGN-RSA-SHA512:\
+DHE-RSA:\
+ECDHE-RSA:\
+SHA256:\
+SHA384:\
+SHA512:\
+AEAD:\
+AES-128-GCM:\
+AES-256-GCM:\
+CHACHA20-POLY1305:\
+CURVE-ALL"
|