diff --git a/roles/xmpp_server/templates/prosody.cfg.lua.j2 b/roles/xmpp_server/templates/prosody.cfg.lua.j2
index e6a403d68fb1770ce129fb441a36bccc3671d941..259fd6e824df0d871f87770c9c16a0700cb6d6dc 100644
--- a/roles/xmpp_server/templates/prosody.cfg.lua.j2
+++ b/roles/xmpp_server/templates/prosody.cfg.lua.j2
@@ -65,6 +65,7 @@ ldap_rootdn = "{{ xmpp_ldap_bind_dn }}"
 ldap_password = "{{ xmpp_ldap_password }}"
 ldap_filter = "{{ xmpp_ldap_filter }}"
 ldap_scope = "{{ xmpp_ldap_scope }}"
+ldap_tls = true
 ldap_base = "{{ xmpp_ldap_base }}"
 
 -- Storage backend.
diff --git a/testsite/group_vars/all.yml b/testsite/group_vars/all.yml
index 2cdfa0a62e94bbf9ddf7df81b146c1695c04893c..e37d3b30b06db03dcb81d0759d97e6afb677e348 100644
--- a/testsite/group_vars/all.yml
+++ b/testsite/group_vars/all.yml
@@ -45,4 +45,19 @@ ca_certificates:
 
 
 incoming_connection_limit: 2/second
-incoming_connection_limit_burst: 6
\ No newline at end of file
+incoming_connection_limit_burst: 6
+
+# Default LDAP client configuration.
+ldap_client_config:
+  - comment: Set the base DN
+    option: BASE
+    value: "{{ testsite_ldap_base }}"
+  - comment: Set the default URI
+    option: URI
+    value: ldap://ldap.{{ testsite_domain }}/
+  - comment: Set the LDAP TLS truststore
+    option: TLS_CACERT
+    value: /etc/ssl/certs/ca.pem
+  - comment: Enforce TLS
+    option: TLS_REQCERT
+    value: demand
diff --git a/testsite/group_vars/ldap.yml b/testsite/group_vars/ldap.yml
index e8d9aebdd8bb97d10d8b7fe6804897d662e5321e..350d5a2ddc79bdb6139d68ca9d43e879b5f0f886 100644
--- a/testsite/group_vars/ldap.yml
+++ b/testsite/group_vars/ldap.yml
@@ -19,6 +19,9 @@ ldap_client_config:
   - comment: Set the LDAP TLS truststore
     option: TLS_CACERT
     value: /etc/ssl/certs/ca.pem
+  - comment: Enforce TLS
+    option: TLS_REQCERT
+    value: demand
 
 ldap_server_domain: "{{ testsite_domain }}"
 ldap_server_organization: "Example Inc."
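Review bot: `ldap_tls = true` is the only setting in this LDAP stanza that is hard-coded instead of being driven by an `xmpp_ldap_*` variable like the surrounding `ldap_scope` and `ldap_base` lines, and nothing in the template says where the certificate for that TLS session gets verified. Hard-coding the secure value is fine; if it is ever turned into a variable it should default to `true` so that TLS never becomes opt-in. Presumably Prosody's LDAP library takes its truststore and verification policy from the system ldap.conf that this same commit populates (`TLS_CACERT`, `TLS_REQCERT`), so a comment above the line stating that dependency, e.g. `-- Use TLS for the LDAP connection; certificate verification is governed by the system ldap.conf (TLS_CACERT/TLS_REQCERT).`, would save the next reader a search. The stanza starts before this hunk (`ldap_rootdn` is only visible in the hunk header).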
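Review bot: The comment `Enforce TLS` on the new `TLS_REQCERT` entry overstates what the option does: `TLS_REQCERT demand` makes libldap reject a server certificate it cannot verify once TLS has been negotiated, but it does not make a client negotiate TLS, and the `URI` entry two items above is a plain `ldap://` URL, so a consumer that never requests STARTTLS still talks in the clear. Reword it to `comment: Require a verified server certificate when TLS is used` (the same wording is added in the ldap.yml hunk) and extend the `# Default LDAP client configuration.` header with a line saying that turning TLS on is each consumer's own setting, as the `ldap_tls = true` in the Prosody template does. `demand` is also libldap's documented default for this option, so the entry is defensive rather than a behaviour change; a word to that effect in the comment stops someone removing it as redundant later. ldap.yml keeps its own full `ldap_client_config` list, which under Ansible group precedence replaces this default outright, so the two copies have to be kept in sync by hand; a short comment on either list noting that would prevent drift.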
diff --git a/testsite/group_vars/mail.yml b/testsite/group_vars/mail.yml
index 60c448619920c8720ce0472b7d00362f353d9d40..a930c71a29f3a2bbf2dc878d70aad3cf223c9c29 100644
--- a/testsite/group_vars/mail.yml
+++ b/testsite/group_vars/mail.yml
@@ -1,16 +1,5 @@
 ---
 
-ldap_client_config:
-  - comment: Set the base DN
-    option: BASE
-    value: "{{ testsite_ldap_base }}"
-  - comment: Set the default URI
-    option: URI
-    value: ldap://ldap.{{ testsite_domain }}/
-  - comment: Set the LDAP TLS truststore
-    option: TLS_CACERT
-    value: /etc/ssl/certs/ca.pem
-
 mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
 mail_ldap_tls_truststore: /etc/ssl/certs/ca.pem
 mail_service_ldap_base_dn: "{{ testsite_ldap_base }}"
diff --git a/testsite/group_vars/web.yml b/testsite/group_vars/web.yml
index 0095ed20df91bb04dac68ef7738dd525dff0c696..05c38234cf7e21b6e1861152fa9405b3511cfe20 100644
--- a/testsite/group_vars/web.yml
+++ b/testsite/group_vars/web.yml
@@ -1,16 +1,5 @@
 ---
 
-ldap_client_config:
-  - comment: Set the base DN
-    option: BASE
-    value: "{{ testsite_ldap_base }}"
-  - comment: Set the default URI
-    option: URI
-    value: ldap://ldap.{{ testsite_domain }}/
-  - comment: Set the LDAP TLS truststore
-    option: TLS_CACERT
-    value: /etc/ssl/certs/ca.pem
-
 local_mail_aliases:
   root: "root john.doe@{{ testsite_domain }}"
 
diff --git a/testsite/group_vars/xmpp.yml b/testsite/group_vars/xmpp.yml
index f26c906a09b95700bd1244ce5deb30286bec94ad..e003fac54f42ec660698b849411b31b3affc31cd 100644
--- a/testsite/group_vars/xmpp.yml
+++ b/testsite/group_vars/xmpp.yml
@@ -1,19 +1,5 @@
 ---
 
-ldap_client_config:
-  - comment: Set the base DN
-    option: BASE
-    value: "{{ testsite_ldap_base }}"
-  - comment: Set the default URI
-    option: URI
-    value: ldapi:///
-  - comment: Set the default bind DN
-    option: BINDDN
-    value: cn=admin,{{ testsite_ldap_base }}
-  - comment: Set the LDAP TLS truststore
-    option: TLS_CACERT
-    value: /etc/ssl/certs/ca.pem
-
 local_mail_aliases:
   root: "root john.doe@{{ testsite_domain }}"