Refactored ldap::server class.

2012-03-13 14:50:00 +02:00 · 2012-03-13 14:50:00 +02:00 · 756cbeb4f5
commit 756cbeb4f5
parent 742008eee8
8 changed files with 4051 additions and 58 deletions
--- a/ldap/templates/slapd.conf.erb
+++ b/ldap/templates/slapd.conf.erb
@ -0,0 +1,45 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+
+# Schema configs in different file
+include		<%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/schema.conf
+
+# disable logging
+loglevel	none
+
+# require modern cipher (at least 128bits) for authentication
+security simple_bind=128
+
+# limit search result sizes (but don't set hard limit)
+sizelimit size.soft=500
+sizelimit size.hard=none
+
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.args
+
+# overlay modules to load
+modulepath /usr/lib/openldap
+moduleload ppolicy.la
+moduleload syncprov.la
+<% if has_variable?('ldap_server_modules') -%>
+<%   ldap_server_modules.each do |name| -%>
+moduleload <%= name %>
+<%   end -%>
+<% end -%>
+
+# certificates
+TLSCertificateFile	<%= scope.lookupvar('ssl::certs') %>/slapd.crt
+TLSCertificateKeyFile	<%= scope.lookupvar('ssl::private') %>/slapd.key
+TLSCACertificatePath	<%= scope.lookupvar('ldap::server::config') %>/cacerts
+TLSVerifyClient		never
+
+# include database configs
+include		<%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf
+
+# enable monitoring database
+database monitor
+access to *
+	by peername.ip=127.0.0.1 read
+        by * none