Merge branch 'evilham-openldap' into 'master'
[new-type] __openldap_server See merge request ungleich-public/cdist!822
This commit is contained in:
commit
c58c4b8309
11 changed files with 551 additions and 0 deletions
44
cdist/conf/type/__openldap_server/gencode-remote
Normal file
44
cdist/conf/type/__openldap_server/gencode-remote
Normal file
|
@ -0,0 +1,44 @@
|
|||
#!/bin/sh
|
||||
|
||||
manager_dn=$(cat "${__object}/parameter/manager-dn")
|
||||
manager_password=$(cat "${__object}/parameter/manager-password")
|
||||
description=$(cat "${__object}/parameter/description")
|
||||
suffix=$(cat "${__object}/parameter/suffix")
|
||||
suffix_dc=$(echo -n ${suffix} | awk -F',' '{print $1}' | awk -F'=' '{print $2}')
|
||||
|
||||
SLAPD_IPC=$(cat "${__object}/parameter/slapd-url" | tr '\n' ' ' | awk '{ print $1}')
|
||||
|
||||
cat <<DONE # | tee /dev/stderr
|
||||
# Restart service
|
||||
service slapd restart
|
||||
# It can sometimes take a tiny bit to bind
|
||||
sleep 1
|
||||
# Create or update base object
|
||||
if ldapsearch -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' -b '${suffix}' -s base 2>&1 > /dev/null; then
|
||||
# Already exists, use ldapmodify
|
||||
ldapmodify -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' <<EOF
|
||||
dn: ${suffix}
|
||||
changetype: modify
|
||||
replace: objectClass
|
||||
objectClass: top
|
||||
objectClass: dcObject
|
||||
objectClass: organization
|
||||
-
|
||||
replace: o
|
||||
o: ${description}
|
||||
-
|
||||
replace: dc
|
||||
dc: ${suffix_dc}
|
||||
EOF
|
||||
else
|
||||
# Does not exist, use ldapadd
|
||||
ldapadd -xZ -D "${manager_dn}" -w "${manager_password}" -H '${SLAPD_IPC}' <<EOF
|
||||
dn: ${suffix}
|
||||
objectClass: top
|
||||
objectClass: dcObject
|
||||
objectClass: organization
|
||||
o: ${description}
|
||||
dc: ${suffix_dc}
|
||||
EOF
|
||||
fi
|
||||
DONE
|
212
cdist/conf/type/__openldap_server/man.rst
Normal file
212
cdist/conf/type/__openldap_server/man.rst
Normal file
|
@ -0,0 +1,212 @@
|
|||
cdist-type__openldap_server(7)
|
||||
==============================
|
||||
|
||||
NAME
|
||||
----
|
||||
cdist-type__openldap_server - Setup an openldap(4) server instance
|
||||
|
||||
|
||||
DESCRIPTION
|
||||
-----------
|
||||
This type can be used to bootstrap an LDAP environment using openldap as slapd.
|
||||
|
||||
It bootstraps the LDAP server with sane defaults and creates and manages the
|
||||
base DN defined by `suffix`.
|
||||
|
||||
|
||||
REQUIRED PARAMETERS
|
||||
-------------------
|
||||
manager-dn
|
||||
The rootdn to set up in the directory.
|
||||
E.g. `cn=manager,dc=ungleich,dc=ch`. See `slapd.conf(5)`.
|
||||
|
||||
manager-password
|
||||
The password for `manager-dn` in the directory.
|
||||
This will be used to connect to the LDAP server on the first `slapd-url`
|
||||
with the given `manager-dn`.
|
||||
|
||||
manager-password-hash
|
||||
The password for `manager-dn` in the directory.
|
||||
This should be valid for `slapd.conf` like `{SSHA}qV+mCs3u8Q2sCmUXT4Ybw7MebHTASMyr`.
|
||||
Generate e.g. with: `slappasswd -s weneedgoodsecurity`.
|
||||
See `slappasswd(8C)`, `slapd.conf(5)`.
|
||||
TODO: implement this: http://blog.adamsbros.org/2015/06/09/openldap-ssha-salted-hashes-by-hand/
|
||||
to derive from the manager-password parameter and ensure idempotency (care with salts).
|
||||
At that point, manager-password-hash should be deprecated and ignored.
|
||||
|
||||
serverid
|
||||
The server for the directory.
|
||||
E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
|
||||
|
||||
suffix
|
||||
The suffix for the directory.
|
||||
E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
|
||||
|
||||
|
||||
REQUIRED MULTIPLE PARAMETERS
|
||||
----------------------------
|
||||
slapd-url
|
||||
A URL for slapd to listen on.
|
||||
Pass once for each URL you want to support,
|
||||
e.g.: `--slapd-url ldaps://my.fqdn/ --slapd-url ldap://my.fqdn/`.
|
||||
The first instance that is passed will be used as the main URL to
|
||||
connect to this LDAP server
|
||||
See the `-h` flag in `slapd(8C)`.
|
||||
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
syncrepl-credentials
|
||||
Only has an effect if `replicate` is set; required in that case.
|
||||
This secret is shared amongst the hosts that will replicate the directory.
|
||||
Note that each replication server needs this secret and it is saved in
|
||||
plain text in the directory.
|
||||
|
||||
syncrepl-searchbase
|
||||
Only has an effect if `replicate` is set; required in that case.
|
||||
The searchbase to use for replication.
|
||||
E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
|
||||
|
||||
admin-email
|
||||
Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
|
||||
Required if using `__letsencrypt_cert`.
|
||||
Where to send Let's Encrypt emails like "certificate needs renewal".
|
||||
|
||||
tls-cipher-suite
|
||||
Setting for TLSCipherSuite.
|
||||
Defaults to `NORMAL` in a Debian-like OS and `HIGH:MEDIUM:+SSLv2` on FreeBSD.
|
||||
See `slapd.conf(5)`.
|
||||
|
||||
tls-cert
|
||||
If defined, `__letsencrypt_cert` is not used and this must be the path in
|
||||
the remote hosts to the PEM-encoded TLS certificate.
|
||||
Requires: `tls-privkey` and `tls-ca`.
|
||||
Permissions, existence and renewal of these files are left up to the
|
||||
type's user.
|
||||
|
||||
tls-privkey
|
||||
Required if `tls-cert` is defined.
|
||||
Path in the remote hosts to the PEM-encoded private key file.
|
||||
|
||||
tls-ca
|
||||
Required if `tls-cert` is defined.
|
||||
Path in the remote hosts to the PEM-encoded CA certificate file.
|
||||
|
||||
|
||||
OPTIONAL MULTIPLE PARAMETERS
|
||||
----------------------------
|
||||
syncrepl-host
|
||||
Only has an effect if `replicate` is set; required in that case.
|
||||
Set once per host that will replicate the directory.
|
||||
|
||||
module
|
||||
LDAP module to load. See `slapd.conf(5)`.
|
||||
Default value is OS-dependent, see manifest.
|
||||
|
||||
schema
|
||||
Name of LDAP schema to load. Must be the name without extension of a
|
||||
`.schema` file in slapd's schema directory (usually `/etc/slapd/schema` or
|
||||
`/usr/local/etc/openldap/schema`).
|
||||
Example value: `inetorgperson`
|
||||
The type user must ensure that the schema file is deployed.
|
||||
This defaults to a sensible subset, for details see the type definition.
|
||||
|
||||
description
|
||||
The description of the base DN passed in the `suffix` parameter.
|
||||
Defaults to `Managed by cdist, do not edit manually.`
|
||||
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
staging
|
||||
Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
|
||||
Obtain a test certificate from a staging server.
|
||||
|
||||
replicate
|
||||
Whether to setup replication or not.
|
||||
If present `syncrepl-credentials` and `syncrepl-host` are also required.
|
||||
|
||||
|
||||
EXAMPLES
|
||||
--------
|
||||
|
||||
.. code-block:: sh
|
||||
|
||||
# Example of a simple server with manual certificate management.
|
||||
pki_prefix="/usr/local/etc/pki/realms/ldap.camilion.cloud"
|
||||
__openldap_server \
|
||||
--manager-dn 'cn=manager,dc=camilion,dc=cloud' \
|
||||
--manager-password "foo" \
|
||||
--manager-password-hash '{SSHA}foo' \
|
||||
--serverid 0 \
|
||||
--suffix 'dc=camilion,dc=cloud' \
|
||||
--slapd-url 'ldaps://ldap.camilion.cloud' \
|
||||
--tls-cert "${pki_prefix}/default.crt" \
|
||||
--tls-privkey "${pki_prefix}/default.key" \
|
||||
--tls-ca "${pki_prefix}/CA.crt"
|
||||
|
||||
# The created basedn looks as follows:
|
||||
#
|
||||
# dn: dc=camilion,dc=cloud
|
||||
# objectClass: top
|
||||
# objectClass: dcObject
|
||||
# objectClass: organization
|
||||
# o: Managed by cdist, do not edit manually.
|
||||
# dc: camilion
|
||||
#
|
||||
# Do not change it manually, the type will overwrite your changes.
|
||||
|
||||
|
||||
#
|
||||
# Changing to a replicated setup is a simple change to something like:
|
||||
#
|
||||
# Example for multiple servers with replication and automatic
|
||||
# Let's Encrypt certificate management through certbot.
|
||||
id=1
|
||||
for host in ldap-test1.ungleich.ch ldap-test2.ungleich.ch; do
|
||||
echo "__ungleich_ldap \
|
||||
--manager-dn 'cn=manager,dc=ungleich,dc=ch' \
|
||||
--manager-psasword 'foo' \
|
||||
--manager-password-hash '{SSHA}fooo' \
|
||||
--serverid '${id}' \
|
||||
--suffix 'dc=ungleich,dc=ch' \
|
||||
--slapd-url ldap://${host} \
|
||||
--searchbase 'dc=ungleich,dc=ch' \
|
||||
--syncrepl-credentials 'fooo' \
|
||||
--syncrepl-host 'ldap-test1.ungleich.ch' \
|
||||
--syncrepl-host 'ldap-test2.ungleich.ch' \
|
||||
--description 'Ungleich LDAP server'" \
|
||||
--staging \
|
||||
| cdist config -i - -v ${host}
|
||||
id=$((id + 1))
|
||||
done
|
||||
|
||||
# The created basedn looks as follows:
|
||||
#
|
||||
# dn: dc=ungleich,dc=ch
|
||||
# objectClass: top
|
||||
# objectClass: dcObject
|
||||
# objectClass: organization
|
||||
# o: Ungleich LDAP server
|
||||
# dc: ungleich
|
||||
#
|
||||
# Do not change it manually, the type will overwrite your changes.
|
||||
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
:strong:`cdist-type__letsencrypt_cert`\ (7)
|
||||
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
ungleich <foss--@--ungleich.ch>
|
||||
Evilham <contact--@--evilham.com>
|
||||
|
||||
|
||||
COPYING
|
||||
-------
|
||||
Copyright \(C) 2020 ungleich glarus ag. You can redistribute it
|
||||
and/or modify it under the terms of the GNU General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
263
cdist/conf/type/__openldap_server/manifest
Normal file
263
cdist/conf/type/__openldap_server/manifest
Normal file
|
@ -0,0 +1,263 @@
|
|||
#!/bin/sh
|
||||
|
||||
name="${__target_host}"
|
||||
manager_dn=$(cat "${__object}/parameter/manager-dn")
|
||||
manager_password_hash=$(cat "${__object}/parameter/manager-password-hash")
|
||||
serverid=$(cat "${__object}/parameter/serverid")
|
||||
suffix=$(cat "${__object}/parameter/suffix")
|
||||
slapd_modules=$(cat "${__object}/parameter/module" 2>/dev/null || true)
|
||||
schemas=$(cat "${__object}/parameter/schema")
|
||||
slapd_urls=$(cat "${__object}/parameter/slapd-url" | tr '\n' ' ')
|
||||
tls_cipher_suite=$(cat "${__object}/parameter/tls-cipher-suite" 2>/dev/null || true)
|
||||
|
||||
|
||||
os="$(cat "${__global}/explorer/os")"
|
||||
|
||||
# Setup OS-dependent vars
|
||||
CONF_OWNER="root"
|
||||
CONF_GROUP="root"
|
||||
case "${os}" in
|
||||
freebsd)
|
||||
PKGS="openldap-server"
|
||||
ETC="/usr/local/etc"
|
||||
SLAPD_DIR="/usr/local/etc/openldap"
|
||||
SLAPD_DATA_DIR="/var/db/openldap-data"
|
||||
SLAPD_RUN_DIR="/var/run/openldap"
|
||||
SLAPD_MODULE_PATH="/usr/local/libexec/openldap"
|
||||
if [ -z "${slapd_modules}" ]; then
|
||||
# It looks like ppolicy and syncprov must be compiled
|
||||
slapd_modules="back_mdb back_monitor"
|
||||
fi
|
||||
CONF_OWNER="ldap"
|
||||
CONF_GROUP="ldap"
|
||||
if [ -z "${tls_cipher_suite}" ]; then
|
||||
# TODO: research default for FreeBSD. 'NORMAL' appears to not work
|
||||
tls_cipher_suite="HIGH:MEDIUM:+SSLv2"
|
||||
fi
|
||||
;;
|
||||
debian|ubuntu|devuan)
|
||||
PKGS="slapd ldap-utils"
|
||||
ETC="/etc"
|
||||
SLAPD_DIR="/etc/ldap"
|
||||
SLAPD_DATA_DIR="/var/lib/ldap"
|
||||
SLAPD_RUN_DIR="/var/run/slapd"
|
||||
SLAPD_MODULE_PATH="/usr/lib/ldap"
|
||||
if [ -z "${slapd_modules}" ]; then
|
||||
slapd_modules="back_mdb ppolicy syncprov back_monitor"
|
||||
fi
|
||||
if [ -z "${tls_cipher_suite}" ]; then
|
||||
tls_cipher_suite="NORMAL"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo "Don't know the openldap defaults for: $os" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
PKG_MAIN=$(echo ${PKGS} | awk '{print $1;}')
|
||||
|
||||
|
||||
# Determine if __letsencrypt_cert is to be used and setup vars accordingly
|
||||
if [ -f "${__object}/parameter/tls-cert" ]; then
|
||||
tls_cert=$(cat "${__object}/parameter/tls-cert")
|
||||
|
||||
if [ ! -f "${__object}/parameter/tls-privkey" ]; then
|
||||
echo "When tls-cert is defined, tls-privkey is also required." >&2
|
||||
exit 1
|
||||
fi
|
||||
tls_privkey=$(cat "${__object}/parameter/tls-privkey")
|
||||
|
||||
if [ ! -f "${__object}/parameter/tls-ca" ]; then
|
||||
echo "When tls-cert is defined, tls-ca is also required." >&2
|
||||
exit 1
|
||||
fi
|
||||
tls_ca=$(cat "${__object}/parameter/tls-ca")
|
||||
|
||||
_skip_letsencrypt_cert="YES"
|
||||
else
|
||||
if [ ! -f "${__object}/parameter/admin-email" ]; then
|
||||
echo "When using __letsencrypt_cert, admin-email is also required." >&2
|
||||
exit 1
|
||||
fi
|
||||
admin_email=$(cat "${__object}/parameter/admin-email")
|
||||
|
||||
tls_cert="${SLAPD_DIR}/sasl2/cert.pem"
|
||||
tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem"
|
||||
tls_ca="${SLAPD_DIR}/sasl2/chain.pem"
|
||||
fi
|
||||
|
||||
mkdir "${__object}/files"
|
||||
ldapconf="${__object}/files/ldapconf"
|
||||
|
||||
replication=""
|
||||
if [ -f "${__object}/parameter/replicate" ]; then
|
||||
replication=yes
|
||||
|
||||
if [ ! -f "${__object}/parameter/syncrepl-searchbase" ]; then
|
||||
echo "Requiring the searchbase for replication" >&2
|
||||
exit 1
|
||||
fi
|
||||
syncrepl_searchbase=$(cat "${__object}/parameter/syncrepl-searchbase")
|
||||
|
||||
if [ ! -f "${__object}/parameter/syncrepl-credentials" ]; then
|
||||
echo "Requiring credentials for replication" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
syncrepl_credentials=$(cat "${__object}/parameter/syncrepl-credentials")
|
||||
|
||||
if [ ! -f "${__object}/parameter/syncrepl-host" ]; then
|
||||
echo "Requiring host(s) for replication" >&2
|
||||
exit 1
|
||||
fi
|
||||
syncrepl_hosts=$(cat "${__object}/parameter/syncrepl-host")
|
||||
|
||||
fi
|
||||
|
||||
# Install required packages
|
||||
for pkg in ${PKGS}; do
|
||||
__package ${pkg}
|
||||
done
|
||||
|
||||
|
||||
require="__package/${PKG_MAIN}" __start_on_boot slapd
|
||||
|
||||
# Setup -h flag for the listeners. See man slapd (-h flag).
|
||||
case "${os}" in
|
||||
freebsd)
|
||||
require="__start_on_boot/slapd" __key_value \
|
||||
--file "/etc/rc.conf" \
|
||||
--key "slapd_flags" \
|
||||
--value "\"-h '${slapd_urls}'\"" \
|
||||
--delimiter "=" \
|
||||
--comment "# LDAP Listener URLs" \
|
||||
"${__target_host}__slapd_flags"
|
||||
;;
|
||||
debian|ubuntu|devuan)
|
||||
require="__package/${PKG_MAIN}" __line rm_slapd_conf \
|
||||
--file ${ETC}/default/slapd \
|
||||
--regex 'SLAPD_CONF=.*' \
|
||||
--state absent
|
||||
|
||||
require="__package/${PKG_MAIN}" __line rm_slapd_services \
|
||||
--file ${ETC}/default/slapd \
|
||||
--regex 'SLAPD_SERVICES=.*' \
|
||||
--state absent
|
||||
|
||||
require="__line/rm_slapd_conf" __line add_slapd_conf \
|
||||
--file ${ETC}/default/slapd \
|
||||
--line 'SLAPD_CONF=${SLAPD_DIR}/slapd.conf' \
|
||||
--state present
|
||||
|
||||
require="__line/rm_slapd_services" __line add_slapd_services \
|
||||
--file ${ETC}/default/slapd \
|
||||
--line "SLAPD_SERVICES=\"${slapd_urls}\"" \
|
||||
--state present
|
||||
;;
|
||||
*)
|
||||
# Nothing to do here, move on.
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
if [ -z "${_skip_letsencrypt_cert}" ]; then
|
||||
if [ -f "${__object}/parameter/staging" ]; then
|
||||
staging="--staging"
|
||||
else
|
||||
staging=""
|
||||
fi
|
||||
|
||||
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \
|
||||
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
|
||||
--automatic-renewal ${staging}
|
||||
fi
|
||||
|
||||
require="__package/${PKG_MAIN}" __directory ${SLAPD_DIR}/slapd.d --state absent
|
||||
|
||||
if [ -z "${_skip_letsencrypt_cert}" ]; then
|
||||
require="__package/${PKG_MAIN} __letsencrypt_cert/${name}" \
|
||||
__file ${SLAPD_DIR}/slapd.conf --owner ${CONF_OWNER} --group ${CONF_GROUP} --mode 644 \
|
||||
--source "${ldapconf}"
|
||||
else
|
||||
require="__package/${PKG_MAIN}" \
|
||||
__file ${SLAPD_DIR}/slapd.conf --owner ${CONF_OWNER} --group ${CONF_GROUP} --mode 644 \
|
||||
--source "${ldapconf}"
|
||||
fi
|
||||
|
||||
# Start slapd.conf
|
||||
cat << EOF > "${ldapconf}"
|
||||
pidfile ${SLAPD_RUN_DIR}/slapd.pid
|
||||
argsfile ${SLAPD_RUN_DIR}/slapd.args
|
||||
|
||||
TLSCipherSuite ${tls_cipher_suite}
|
||||
TLSCertificateFile ${tls_cert}
|
||||
TLSCertificateKeyFile ${tls_privkey}
|
||||
TLSCACertificateFile ${tls_ca}
|
||||
|
||||
disallow bind_anon
|
||||
require bind
|
||||
security tls=1
|
||||
EOF
|
||||
|
||||
# Add specified schemas
|
||||
for schema in ${schemas}; do
|
||||
echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}"
|
||||
done
|
||||
|
||||
# Add specified modules
|
||||
echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
|
||||
for module in ${slapd_modules}; do
|
||||
echo "moduleload ${module}.la" >> "${ldapconf}"
|
||||
done
|
||||
|
||||
# Rest of the config
|
||||
cat << EOF >> "${ldapconf}"
|
||||
loglevel 1024
|
||||
|
||||
database mdb
|
||||
maxsize 1073741824
|
||||
|
||||
suffix "${suffix}"
|
||||
directory ${SLAPD_DATA_DIR}
|
||||
rootdn "${manager_dn}"
|
||||
rootpw "${manager_password_hash}"
|
||||
|
||||
index objectClass eq,pres
|
||||
index ou,cn,mail,surname,givenname eq,pres,sub
|
||||
index uidNumber,gidNumber,loginShell eq,pres
|
||||
index uid,memberUid eq,pres,sub
|
||||
index nisMapName,nisMapEntry eq,pres,sub
|
||||
index entryCSN,entryUUID eq
|
||||
|
||||
serverid ${serverid}
|
||||
EOF
|
||||
|
||||
# Setup replication
|
||||
if [ "${replication}" ]; then
|
||||
rid=1;
|
||||
for syncrepl in ${syncrepl_hosts}; do
|
||||
cat <<EOF >> "${ldapconf}"
|
||||
syncrepl rid=${rid}
|
||||
provider=ldap://${syncrepl}
|
||||
bindmethod=simple
|
||||
starttls=yes
|
||||
binddn="${manager_dn}"
|
||||
credentials=${syncrepl_credentials}
|
||||
searchbase="${syncrepl_searchbase}"
|
||||
type=refreshAndPersist
|
||||
retry="5 + 5 +"
|
||||
interval=00:00:00:05
|
||||
EOF
|
||||
rid=$((rid + 1))
|
||||
done
|
||||
cat <<EOF >> "${ldapconf}"
|
||||
mirrormode true
|
||||
overlay syncprov
|
||||
syncprov-checkpoint 100 5
|
||||
syncprov-sessionlog 100
|
||||
|
||||
database monitor
|
||||
limits dn.exact="${manager_dn}" time=unlimited size=unlimited
|
||||
EOF
|
||||
fi
|
2
cdist/conf/type/__openldap_server/parameter/boolean
Normal file
2
cdist/conf/type/__openldap_server/parameter/boolean
Normal file
|
@ -0,0 +1,2 @@
|
|||
staging
|
||||
replicate
|
|
@ -0,0 +1 @@
|
|||
Managed by cdist, do not edit manually.
|
12
cdist/conf/type/__openldap_server/parameter/default/schema
Normal file
12
cdist/conf/type/__openldap_server/parameter/default/schema
Normal file
|
@ -0,0 +1,12 @@
|
|||
corba
|
||||
core
|
||||
cosine
|
||||
duaconf
|
||||
dyngroup
|
||||
inetorgperson
|
||||
java
|
||||
misc
|
||||
nis
|
||||
openldap
|
||||
ppolicy
|
||||
collective
|
8
cdist/conf/type/__openldap_server/parameter/optional
Normal file
8
cdist/conf/type/__openldap_server/parameter/optional
Normal file
|
@ -0,0 +1,8 @@
|
|||
description
|
||||
syncrepl-credentials
|
||||
syncrepl-searchbase
|
||||
admin-email
|
||||
tls-cipher-suite
|
||||
tls-cert
|
||||
tls-privkey
|
||||
tls-ca
|
|
@ -0,0 +1,3 @@
|
|||
syncrepl-host
|
||||
module
|
||||
schema
|
5
cdist/conf/type/__openldap_server/parameter/required
Normal file
5
cdist/conf/type/__openldap_server/parameter/required
Normal file
|
@ -0,0 +1,5 @@
|
|||
manager-dn
|
||||
manager-password
|
||||
manager-password-hash
|
||||
serverid
|
||||
suffix
|
|
@ -0,0 +1 @@
|
|||
slapd-url
|
0
cdist/conf/type/__openldap_server/singleton
Normal file
0
cdist/conf/type/__openldap_server/singleton
Normal file
Loading…
Reference in a new issue