forked from ungleich-public/cdist
[new-type] __openldap_server: Add admin-email parameter.
This commit is contained in:
parent
fd430eab62
commit
1ad605a509
3 changed files with 13 additions and 1 deletions
|
@ -48,6 +48,11 @@ syncrepl-searchbase
|
|||
The searchbase to use for replication.
|
||||
E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
|
||||
|
||||
admin-email
|
||||
Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
|
||||
Required if using `__letsencrypt_cert`.
|
||||
Where to send Let's Encrypt emails like "certificate needs renewal".
|
||||
|
||||
tls-cert
|
||||
If defined, `__letsencrypt_cert` is not used and this must be the path in
|
||||
the remote hosts to the PEM-encoded TLS certificate.
|
||||
|
|
|
@ -58,6 +58,12 @@ if [ -f "${__object}/parameter/tls-cert" ]; then
|
|||
|
||||
_skip_letsencrypt_cert="YES"
|
||||
else
|
||||
if [ ! -f "${__object}/parameter/admin-email" ]; then
|
||||
echo "When using __letsencrypt_cert, admin-email is also required." >&2
|
||||
exit 1
|
||||
fi
|
||||
admin_email=$(cat "${__object}/parameter/admin-email")
|
||||
|
||||
tls_cert="${SLAPD_DIR}/sasl2/cert.pem"
|
||||
tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem"
|
||||
tls_ca="${SLAPD_DIR}/sasl2/chain.pem"
|
||||
|
@ -131,7 +137,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
|
|||
staging=""
|
||||
fi
|
||||
|
||||
__letsencrypt_cert "${name}" --admin-email technik@ungleich.ch \
|
||||
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \
|
||||
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
|
||||
--automatic-renewal ${staging}
|
||||
fi
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
syncrepl-credentials
|
||||
syncrepl-searchbase
|
||||
admin-email
|
||||
tls-cert
|
||||
tls-privkey
|
||||
tls-ca
|
||||
|
|
Loading…
Reference in a new issue