foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

saslauthd: Fix LDAP mech

Browse source 
* Fix server address
* Force server certificate check
* Use client certificates for authenticating to LDAP
This commit is contained in:
Timo Makinen 2021-03-11 17:01:24 +00:00
parent 61633eb07b
commit a293945d04
2 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/saslauthd/tasks/main.yml
View file

@ -19,7 +19,7 @@
template: template:
dest: /etc/saslauthd.conf dest: /etc/saslauthd.conf
src: saslauthd.conf.j2 src: saslauthd.conf.j2
mode: 0644 mode: 0640
owner: root owner: root
group: "{{ ansible_wheel }}" group: "{{ ansible_wheel }}"
notify: restart saslauthd notify: restart saslauthd

11
roles/saslauthd/templates/saslauthd.conf.j2
View file

@ -1,2 +1,11 @@
ldap_servers: {{ ldap_server }} ldap_servers: {% for server in ldap_server %}ldaps://{{ server }} {% endfor %}
ldap_search_base: {{ ldap_basedn }} ldap_search_base: {{ ldap_basedn }}
ldap_tls_check_peer: yes
ldap_tls_cacert_file: {{ tls_bundle }}
ldap_use_sasl: yes
ldap_mech: EXTERNAL
ldap_tls_cert: {{ tls_certs }}/{{ inventory_hostname }}.crt
ldap_tls_key: {{ tls_private }}/{{ inventory_hostname }}.key