foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ldap_server: Add memberOf overlay support

Browse source
This commit is contained in:
Timo Makinen 2023-02-19 14:25:39 +00:00
parent f17d1ff8db
commit 04b332aa28
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/ldap_server/templates/slapd.conf.j2
View file

@ -39,6 +39,7 @@ moduleload ppolicy.la
moduleload syncprov.la moduleload syncprov.la
#moduleload smbkrb5pwd.la #moduleload smbkrb5pwd.la
moduleload constraint.la moduleload constraint.la
moduleload memberof.la
# certificates and ciphers (unfortunately modern cipher suite didn't work) # certificates and ciphers (unfortunately modern cipher suite didn't work)
TLSCertificateFile {{ tls_certs }}/{{ ldap_server_cert }}.crt TLSCertificateFile {{ tls_certs }}/{{ ldap_server_cert }}.crt
@ -77,6 +78,11 @@ overlay constraint
constraint_attribute loginShell regex ^/bin/(bash|tcsh|zsh)$ constraint_attribute loginShell regex ^/bin/(bash|tcsh|zsh)$
constraint_attribute uniqueMember uri ldap:///ou=People,{{ ldap_basedn }}?entryDN?one?(objectClass=inetOrgPerson) constraint_attribute uniqueMember uri ldap:///ou=People,{{ ldap_basedn }}?entryDN?one?(objectClass=inetOrgPerson)
overlay memberof
memberof-group-oc groupOfUniqueNames
memberof-member-ad uniqueMember
memberof-memberof-ad memberOf
# database directory # database directory
# chmod 700 so ldap:ldap can create encrypted backups with group readable # chmod 700 so ldap:ldap can create encrypted backups with group readable
# access without access to clear text data # access without access to clear text data