Changeset - e1f36d36827b
0 6 0
Branko Majic (branko) - 9 years ago 2015-09-16 23:35:30
branko@majic.rs
MAR-19: Fixed missing parameter for using TLS for LDAP connections in Prosody configuration template. Fixed LDAP client configurations, moving most of them out of the individual yml files into all.yml (so only the ldap server gets different config).
6 files changed with 20 insertions and 37 deletions:
roles/xmpp_server/templates/prosody.cfg.lua.j2
 
@@ -65,6 +65,7 @@ ldap_rootdn = "{{ xmpp_ldap_bind_dn }}"
 
ldap_password = "{{ xmpp_ldap_password }}"
 
ldap_filter = "{{ xmpp_ldap_filter }}"
 
ldap_scope = "{{ xmpp_ldap_scope }}"
 
ldap_tls = true
 
ldap_base = "{{ xmpp_ldap_base }}"
 

	
 
-- Storage backend.
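Review bot: The `ldap_tls = true` line has no comment saying where certificate validation comes from, and nothing in this template sets a CA file or a verification mode. Prosody's LDAP module passes this flag on to the LDAP client library, so whether the server certificate is actually checked presumably depends on the host's ldap.conf, that is, on the `TLS_CACERT` and `TLS_REQCERT` entries this changeset moves into all.yml. I would put a comment above the line, for example `-- Use TLS for LDAP; certificate checks rely on TLS_CACERT/TLS_REQCERT in the system ldap.conf.`, so the dependency between the two roles is visible here. The `+`/`-` column is lost on this page, so which line is new is inferred from the commit message and the hunk's 6-to-7 line count; the rest of the template is outside the hunk.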
testsite/group_vars/all.yml
 
@@ -45,4 +45,19 @@ ca_certificates:
 

	
 
incoming_connection_limit: 2/second
 

	
 
incoming_connection_limit_burst: 6
 
\ No newline at end of file
 
incoming_connection_limit_burst: 6
 

	
 
# Default LDAP client configuration.
 
ldap_client_config:
 
  - comment: Set the base DN
 
    option: BASE
 
    value: "{{ testsite_ldap_base }}"
 
  - comment: Set the default URI
 
    option: URI
 
    value: ldap://ldap.{{ testsite_domain }}/
 
  - comment: Set the LDAP TLS truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/ca.pem
 
  - comment: Enforce TLS
 
    option: TLS_REQCERT
 
    value: demand
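Review bot: The `comment: Enforce TLS` text on the `TLS_REQCERT` / `demand` entry overstates what the option does, here and on the matching entry in testsite/group_vars/ldap.yml. `TLS_REQCERT demand` makes the client reject a missing or invalid server certificate once a TLS session is being set up; it does not make a client start TLS. With the default `URI` set to `ldap://ldap.{{ testsite_domain }}/`, a client that never requests StartTLS would still bind in clear text unless the server refuses unencrypted connections, which is not visible in this changeset. I would reword the entry to `comment: Require a valid server certificate when TLS is used` and confirm that the LDAP server role enforces a minimum transport security level.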
testsite/group_vars/ldap.yml
 
@@ -19,6 +19,9 @@ ldap_client_config:
 
  - comment: Set the LDAP TLS truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/ca.pem
 
  - comment: Enforce TLS
 
    option: TLS_REQCERT
 
    value: demand
 

	
 
ldap_server_domain: "{{ testsite_domain }}"
 
ldap_server_organization: "Example Inc."
testsite/group_vars/mail.yml
 
---
 

	
 
ldap_client_config:
 
  - comment: Set the base DN
 
    option: BASE
 
    value: "{{ testsite_ldap_base }}"
 
  - comment: Set the default URI
 
    option: URI
 
    value: ldap://ldap.{{ testsite_domain }}/
 
  - comment: Set the LDAP TLS truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/ca.pem
 

	
 
mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
 
mail_ldap_tls_truststore: /etc/ssl/certs/ca.pem
 
mail_service_ldap_base_dn: "{{ testsite_ldap_base }}"
testsite/group_vars/web.yml
 
---
 

	
 
ldap_client_config:
 
  - comment: Set the base DN
 
    option: BASE
 
    value: "{{ testsite_ldap_base }}"
 
  - comment: Set the default URI
 
    option: URI
 
    value: ldap://ldap.{{ testsite_domain }}/
 
  - comment: Set the LDAP TLS truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/ca.pem
 

	
 
local_mail_aliases:
 
  root: "root john.doe@{{ testsite_domain }}"
 

	
testsite/group_vars/xmpp.yml
 
---
 

	
 
ldap_client_config:
 
  - comment: Set the base DN
 
    option: BASE
 
    value: "{{ testsite_ldap_base }}"
 
  - comment: Set the default URI
 
    option: URI
 
    value: ldapi:///
 
  - comment: Set the default bind DN
 
    option: BINDDN
 
    value: cn=admin,{{ testsite_ldap_base }}
 
  - comment: Set the LDAP TLS truststore
 
    option: TLS_CACERT
 
    value: /etc/ssl/certs/ca.pem
 

	
 
local_mail_aliases:
 
  root: "root john.doe@{{ testsite_domain }}"
 

	