xoxys.ldap_proxy/templates/etc/openldap/slapd.conf.j2

#jinja2: lstrip_blocks: True
# {{ ansible_managed }}
### Schema includes ###########################################################
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema

## Module paths ##############################################################
modulepath              /usr/lib64/openldap/
modulepath              /usr/lib64/openldap
moduleload              back_ldap
moduleload              rwm

# Main settings ###############################################################
pidfile                 /var/run/openldap/slapd.pid
argsfile                /var/run/openldap/slapd.args

TLSCertificateFile      {{ ldap_proxy_tls_cert_path }}
TLSCertificateKeyFile   {{ ldap_proxy_tls_key_path }}
TLSCACertificateFile    {{ ldap_proxy_tls_ca_path }}
TLSCipherSuite          HIGH:MEDIUM:!aNULL:!MD5:!RC4
TLSProtocolMin          3.1

### Database definition (Proxy to AD) #########################################
database                ldap
{% if ldap_proxy_readonly_enabled %}
readonly                yes
{% endif %}
lastmod                 off
rebind-as-user
uri                     "{{ ldap_proxy_server }}"
suffix                  "{{ ldap_proxy_server_suffix }}"

### ACL definition ############################################################
include                 "{{ ldap_proxy_acl_file }}"

### Logging ###################################################################
loglevel                {{ ldap_proxy_loglevel }}
initial commit 2018-12-01 00:31:11 +00:00			`#jinja2: lstrip_blocks: True`
			`# {{ ansible_managed }}`
			`### Schema includes ###########################################################`
			`include /etc/openldap/schema/corba.schema`
			`include /etc/openldap/schema/core.schema`
			`include /etc/openldap/schema/cosine.schema`
			`include /etc/openldap/schema/duaconf.schema`
			`include /etc/openldap/schema/dyngroup.schema`
			`include /etc/openldap/schema/inetorgperson.schema`
			`include /etc/openldap/schema/java.schema`
			`include /etc/openldap/schema/misc.schema`
			`include /etc/openldap/schema/nis.schema`
			`include /etc/openldap/schema/openldap.schema`
			`include /etc/openldap/schema/ppolicy.schema`
			`include /etc/openldap/schema/collective.schema`

			`## Module paths ##############################################################`
			`modulepath /usr/lib64/openldap/`
			`modulepath /usr/lib64/openldap`
			`moduleload back_ldap`
			`moduleload rwm`

			`# Main settings ###############################################################`
			`pidfile /var/run/openldap/slapd.pid`
			`argsfile /var/run/openldap/slapd.args`

			`TLSCertificateFile {{ ldap_proxy_tls_cert_path }}`
			`TLSCertificateKeyFile {{ ldap_proxy_tls_key_path }}`
			`TLSCACertificateFile {{ ldap_proxy_tls_ca_path }}`
			`TLSCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4`
			`TLSProtocolMin 3.1`

			`### Database definition (Proxy to AD) #########################################`
			`database ldap`
			`{% if ldap_proxy_readonly_enabled %}`
			`readonly yes`
			`{% endif %}`
			`lastmod off`
			`rebind-as-user`
			`uri "{{ ldap_proxy_server }}"`
			`suffix "{{ ldap_proxy_server_suffix }}"`

small fixes and cleanups 2018-12-01 14:51:13 +00:00			`### ACL definition ############################################################`
setup ldap acl 2018-12-01 14:33:37 +00:00			`include "{{ ldap_proxy_acl_file }}"`

initial commit 2018-12-01 00:31:11 +00:00			`### Logging ###################################################################`
			`loglevel {{ ldap_proxy_loglevel }}`