[new-type] __openldap_server: Add admin-email parameter.

2019-12-09 19:49:05 +01:00 · 2019-12-09 19:49:05 +01:00 · 1ad605a509
commit 1ad605a509
parent fd430eab62
3 changed files with 13 additions and 1 deletions
--- a/cdist/conf/type/__openldap_server/man.rst
+++ b/cdist/conf/type/__openldap_server/man.rst
@ -48,6 +48,11 @@ syncrepl-searchbase
    The searchbase to use for replication.
    E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
 admin-email
    Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
    Required if using `__letsencrypt_cert`.
    Where to send Let's Encrypt emails like "certificate needs renewal".
 tls-cert
    If defined, `__letsencrypt_cert` is not used and this must be the path in
    the remote hosts to the PEM-encoded TLS certificate.
--- a/cdist/conf/type/__openldap_server/manifest
+++ b/cdist/conf/type/__openldap_server/manifest
@ -58,6 +58,12 @@ if [ -f "${__object}/parameter/tls-cert" ]; then
    _skip_letsencrypt_cert="YES"
 else
    if [ ! -f "${__object}/parameter/admin-email" ]; then
        echo "When using __letsencrypt_cert, admin-email is also required." >&2
        exit 1
    fi
    admin_email=$(cat "${__object}/parameter/admin-email")
    tls_cert="${SLAPD_DIR}/sasl2/cert.pem"
    tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem"
    tls_ca="${SLAPD_DIR}/sasl2/chain.pem"
@ -131,7 +137,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
        staging=""
    fi
-    __letsencrypt_cert "${name}" --admin-email technik@ungleich.ch \
+    __letsencrypt_cert "${name}" --admin-email "${admin_email}" \
        --renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
        --automatic-renewal ${staging}
 fi
--- a/cdist/conf/type/__openldap_server/parameter/optional
+++ b/cdist/conf/type/__openldap_server/parameter/optional
@ -1,5 +1,6 @@
 syncrepl-credentials
 syncrepl-searchbase
 admin-email
 tls-cert
 tls-privkey
 tls-ca