xoxys.ldap_proxy/templates/etc/openldap/slapd.conf.j2

#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
### Schema includes ###########################################################
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
{% for schema in ldap_proxy_custom_schemas %}
include         /etc/openldap/schema/{{ schema | basename }}
{% endfor %}

## Module paths ##############################################################
modulepath              /usr/lib64/openldap/
modulepath              /usr/lib64/openldap
moduleload              back_ldap
moduleload              rwm
moduleload              memberof.la

# Main settings ###############################################################
pidfile                 /var/run/openldap/slapd.pid
argsfile                /var/run/openldap/slapd.args

TLSCertificateFile      {{ ldap_proxy_tls_cert_path }}
TLSCertificateKeyFile   {{ ldap_proxy_tls_key_path }}
TLSCACertificateFile    {{ ldap_proxy_tls_ca_path }}
TLSCipherSuite          HIGH:MEDIUM:!aNULL:!MD5:!RC4
TLSProtocolMin          3.1

### Database definition (Proxy to AD) #########################################
database                ldap
{% if ldap_proxy_readonly_enabled %}
readonly                yes
{% endif %}
lastmod                 off
rebind-as-user
uri                     "{{ ldap_proxy_server }}"
suffix                  "{{ ldap_proxy_server_suffix }}"

overlay                 memberof

### ACL definition ############################################################
include                 "{{ ldap_proxy_acl_file }}"

### Logging ###################################################################
loglevel                {{ ldap_proxy_loglevel }}
initial commit 2018-12-01 01:31:11 +01:00			`#jinja2: lstrip_blocks: True`
enable molecule 2019-09-18 17:23:35 +02:00			`{{ ansible_managed \| comment }}`
initial commit 2018-12-01 01:31:11 +01:00			`### Schema includes ###########################################################`
			`include /etc/openldap/schema/corba.schema`
			`include /etc/openldap/schema/core.schema`
			`include /etc/openldap/schema/cosine.schema`
			`include /etc/openldap/schema/duaconf.schema`
			`include /etc/openldap/schema/dyngroup.schema`
			`include /etc/openldap/schema/inetorgperson.schema`
			`include /etc/openldap/schema/java.schema`
			`include /etc/openldap/schema/misc.schema`
			`include /etc/openldap/schema/nis.schema`
			`include /etc/openldap/schema/openldap.schema`
			`include /etc/openldap/schema/ppolicy.schema`
			`include /etc/openldap/schema/collective.schema`
add custom schemas to config 2018-12-12 22:11:55 +01:00			`{% for schema in ldap_proxy_custom_schemas %}`
fix wrong wariable in template 2018-12-12 22:20:02 +01:00			`include /etc/openldap/schema/{{ schema \| basename }}`
fix templateing 2018-12-12 22:18:14 +01:00			`{% endfor %}`
initial commit 2018-12-01 01:31:11 +01:00
			`## Module paths ##############################################################`
			`modulepath /usr/lib64/openldap/`
			`modulepath /usr/lib64/openldap`
			`moduleload back_ldap`
			`moduleload rwm`
add memberof overlay 2018-12-02 02:21:16 +01:00			`moduleload memberof.la`
initial commit 2018-12-01 01:31:11 +01:00
			`# Main settings ###############################################################`
			`pidfile /var/run/openldap/slapd.pid`
			`argsfile /var/run/openldap/slapd.args`

			`TLSCertificateFile {{ ldap_proxy_tls_cert_path }}`
			`TLSCertificateKeyFile {{ ldap_proxy_tls_key_path }}`
			`TLSCACertificateFile {{ ldap_proxy_tls_ca_path }}`
			`TLSCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4`
			`TLSProtocolMin 3.1`

			`### Database definition (Proxy to AD) #########################################`
			`database ldap`
			`{% if ldap_proxy_readonly_enabled %}`
			`readonly yes`
			`{% endif %}`
			`lastmod off`
			`rebind-as-user`
			`uri "{{ ldap_proxy_server }}"`
			`suffix "{{ ldap_proxy_server_suffix }}"`

add memberof overlay 2018-12-02 02:21:16 +01:00			`overlay memberof`

small fixes and cleanups 2018-12-01 15:51:13 +01:00			`### ACL definition ############################################################`
setup ldap acl 2018-12-01 15:33:37 +01:00			`include "{{ ldap_proxy_acl_file }}"`

initial commit 2018-12-01 01:31:11 +01:00			`### Logging ###################################################################`
			`loglevel {{ ldap_proxy_loglevel }}`