Commit 1ad605a5 authored by Evil Ham's avatar Evil Ham

[new-type] __openldap_server: Add admin-email parameter.

parent fd430eab
......@@ -48,6 +48,11 @@ syncrepl-searchbase
The searchbase to use for replication.
E.g. `dc=ungleich,dc=ch`. See `slapd.conf(5)`.
admin-email
Passed to `cdist-type__letsencrypt_cert`; has otherwise no use.
Required if using `__letsencrypt_cert`.
Where to send Let's Encrypt emails like "certificate needs renewal".
tls-cert
If defined, `__letsencrypt_cert` is not used and this must be the path in
the remote hosts to the PEM-encoded TLS certificate.
......
......@@ -58,6 +58,12 @@ if [ -f "${__object}/parameter/tls-cert" ]; then
_skip_letsencrypt_cert="YES"
else
if [ ! -f "${__object}/parameter/admin-email" ]; then
echo "When using __letsencrypt_cert, admin-email is also required." >&2
exit 1
fi
admin_email=$(cat "${__object}/parameter/admin-email")
tls_cert="${SLAPD_DIR}/sasl2/cert.pem"
tls_privkey="${SLAPD_DIR}/sasl2/privkey.pem"
tls_ca="${SLAPD_DIR}/sasl2/chain.pem"
......@@ -131,7 +137,7 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
staging=""
fi
__letsencrypt_cert "${name}" --admin-email technik@ungleich.ch \
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
--automatic-renewal ${staging}
fi
......
syncrepl-credentials
syncrepl-searchbase
admin-email
tls-cert
tls-privkey
tls-ca
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment