From 6541059276589ed34daa5d7032957b6d1ee355e6 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sat, 8 Jun 2019 17:28:58 +0300
Subject: [PATCH] set sasl-host to get kerberos tickets match hostname

---
 roles/ldap/server/templates/slapd.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/ldap/server/templates/slapd.conf.j2 b/roles/ldap/server/templates/slapd.conf.j2
index a00f2c2..0fd38b7 100644
--- a/roles/ldap/server/templates/slapd.conf.j2
+++ b/roles/ldap/server/templates/slapd.conf.j2
@@ -50,6 +50,9 @@ TLSECName prime256v1
 TLSCipherSuite {{ tls_ciphers }}
 TLSProtocolMin 3.3
 
+# force hostname to get kerberos working correctly behind proxies
+sasl-host ldap.foo.sh
+
 #####################################################################
 # database {{ ldap_basedn }} configurations
 #####################################################################