ldap: Disable SSLv3 and add list of ciphers to ldap::server.

Timo Makinen 2014-12-11 21:27:25 +02:00
parent 80fdf06830
commit 045fa50765
2 changed files with 3 additions and 0 deletions


@ -354,6 +354,7 @@ class ldap::client::ruby {
class ldap::server { class ldap::server {
require ssl require ssl
include ssl::ciphersuites
if !$ldap_server_key { if !$ldap_server_key {
$ldap_server_key = "${puppet_ssldir}/private_keys/${homename}.pem" $ldap_server_key = "${puppet_ssldir}/private_keys/${homename}.pem"
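Review bot: The added `include ssl::ciphersuites` in `class ldap::server` carries no comment tying it to its only visible consumer, the `TLSCipherSuite` line in the slapd.conf template. Suggest adding `# provides ssl::ciphersuites::default_ciphersuites for the slapd.conf template` above it. If the include were later dropped as unused, the template lookup would presumably render an empty `TLSCipherSuite`, leaving slapd either on library defaults or failing to start. The class body continues outside the hunk.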


@ -43,6 +43,8 @@ TLSCertificateFile <%= scope.lookupvar('ssl::certs') %>/slapd.crt
TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key
TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts
TLSVerifyClient try TLSVerifyClient try
TLSCipherSuite <%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>
TLSProtocolMin 3.1
# include database configs # include database configs
include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf
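Review bot: `TLSProtocolMin 3.1` sets the floor at TLS 1.0, which the bare number does not make obvious, and neither added directive behaves the same on every slapd build. A comment above it such as `# 3.1 = TLS 1.0 (3.0 would be SSLv3); raise to 3.2 or 3.3 once all clients support it` would record the intent. `TLSCipherSuite` is parsed by whichever TLS library slapd is linked against, so an OpenSSL-style string from `ssl::ciphersuites::default_ciphersuites` (its value is not visible here) may be rejected by a GnuTLS-linked build. The slapd.conf(5) page for OpenLDAP 2.4 also describes `TLSProtocolMin` as ignored with GnuTLS, as far as I recall. It is worth confirming on each target platform that an SSLv3-only handshake is actually refused after this change.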