
#######################################################################
# Database <%= name %> config
#######################################################################
# Puppet ERB template for one slapd(8) database section.
# Template variables used here: name (the database suffix DN, also reused as
# directory name and as part of the ACL/index include filenames),
# ldap_server_modules (optional list of overlay names), moduleoptions
# (list of "directive=value" strings), master (provider URL, "" for none),
# ldap_basedn, syncpw, and the Puppet variable ldap::server::config.
# NOTE(review): both `each` loops below name their block parameter `name`,
# which shadows the suffix variable inside those loops; rename on next edit.
database hdb
suffix "<%= name %>"
# checkpoint <kbytes> <minutes>: write a BDB checkpoint every 1024 KiB of log
# or every 15 minutes, whichever comes first.
checkpoint 1024 15
# No rootpw appears in this section. Root on the local host reaches this DN
# through the ldapi:/// peercred sasl-regexp further down; presumably rootpw
# is either set elsewhere or intentionally omitted -- verify.
rootdn "cn=manager,<%= name %>"
<% if has_variable?("ldap_server_modules") -%>
<% ldap_server_modules.each do |name| -%>
overlay <%= name %>
<% end -%>
<% end -%>
# Each moduleoptions entry is split on "=" and only the first two pieces are
# emitted, so a value that itself contains "=" would be truncated; an entry
# without "=" is emitted with a trailing space. (split("=", 2) would keep
# the full value.)
<% moduleoptions.each do |name| -%>
<%= name.split("=")[0] %> <%= name.split("=")[1] %>
<% end -%>
overlay ppolicy
ppolicy_default cn=pwdPolicy,cn=config,<%= name %>
# Hash userPassword values that arrive in cleartext with the password-hash
# scheme below, so clients that send plain passwords never get them stored
# as-is.
ppolicy_hash_cleartext
# Return a distinct "account locked" result instead of invalid credentials;
# useful for clients, but it also discloses lock state to an unauthenticated
# bind attempt -- accepted trade-off, keep in mind when reviewing the policy.
ppolicy_use_lockout
# crypt(3) hashing; the "$6$" salt prefix selects SHA-512 crypt with an
# 8-character salt (%.8s).
password-hash {CRYPT}
password-crypt-salt-format "$6$%.8s"
# syncprov makes this database a replication provider as well: checkpoint the
# contextCSN every 100 write ops or 10 minutes, keep a 100-entry session log.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /srv/ldap/<%= name %>
<% if master != "" -%>
# replication
# Consumer side, only rendered when `master` is non-empty: replicate the whole
# tree from `master` with refreshAndPersist and send writes there via
# updateref. Since syncprov is loaded unconditionally above, a host with a
# master set is both consumer and provider (presumably a chained/mirror
# setup -- confirm with the module's manifests).
# Security notes on the parameters below (all on one logical syncrepl line;
# the continuation lines must stay indented in the real file):
#  - schemachecking="off": replicated entries are accepted without local
#    schema validation, i.e. the provider is fully trusted for content.
#  - bindmethod="simple" with credentials=: the replicator password is stored
#    in cleartext in this file; keep the rendered file readable only by the
#    slapd user.
#  - tls_reqcert="never": the provider's certificate is not verified, so the
#    consumer cannot detect an impersonated provider; there is also no
#    starttls= directive, so unless `master` is an ldaps:// URL the bind and
#    the replicated data travel unencrypted. Prefer tls_reqcert="demand"
#    (plus starttls=critical or an ldaps:// provider) once the provider has a
#    trusted certificate.
#  - retry="10 10 60 +": 10 retries every 10s, then retry every 60s forever.
syncrepl rid=2
provider=<%= master %>
type=refreshAndPersist
retry="10 10 60 +"
searchbase="<%= ldap_basedn %>"
filter="(objectClass=*)"
scope="sub"
sizelimit=500000
timelimit=360000
schemachecking="off"
bindmethod="simple"
tls_reqcert="never"
binddn="uid=replicator,cn=config,<%= ldap_basedn %>"
credentials="<%= syncpw %>"
updateref <%= master %>
<% end -%>
# include acl and index configs
# Both files are looked up under the Puppet-managed config directory; ACLs
# for this suffix live in acl.<suffix>.conf, so this template carries none.
include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/acl.<%= name %>.conf
include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/index.<%= name %>.conf
# map local users connecting via ldapi:///
# A local process running as uid 0 is mapped straight to the rootdn, i.e.
# root on this host gets full directory access over ldapi:/// without any
# password; any other local uid is mapped to the posixAccount with the same
# uidNumber.
# NOTE(review): slapd compiles these with POSIX extended regex, where "[\d]"
# is a bracket expression (backslash and "d"), not a digit class, and the
# "+" between the gidNumber group and "uidNumber" is an unescaped quantifier.
# The OpenLDAP admin guide spells this "gidNumber=([0-9]+)\+uidNumber=0,...";
# confirm with a test bind (ldapwhoami -Y EXTERNAL -H ldapi:///) that these
# two mappings actually match.
sasl-regexp "gidNumber=([\d]+)+uidNumber=0,cn=peercred,cn=external,cn=auth"
"cn=manager,<%= name %>"
sasl-regexp "gidNumber=([\d]+)+uidNumber=([\d]+),cn=peercred,cn=external,cn=auth"
ldap:///<%= name %>??sub?(&(uidNumber=$2)(objectClass=posixAccount))
# map sasl authenticated users
# PLAIN, LOGIN and GSSAPI identities are resolved by uid under the suffix;
# the GSSAPI form additionally accepts krb5Principal entries. The captured
# user name is substituted into the search filter as $1 -- presumably slapd
# escapes filter metacharacters in the substitution; verify against the
# OpenLDAP version in use before relying on it.
sasl-regexp "uid=(.*),cn=plain,cn=auth"
ldap:///<%= name %>??sub?(&(uid=$1)(objectClass=posixAccount))
sasl-regexp "uid=(.*),cn=login,cn=auth"
ldap:///<%= name %>??sub?(&(uid=$1)(objectClass=posixAccount))
sasl-regexp "uid=(.*),cn=gssapi,cn=auth"
ldap:///<%= name %>??sub?(&(uid=$1)(|(objectClass=posixAccount)(objectClass=krb5Principal)))