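#jinja2: lstrip_blocks: True
{{ ansible_managed | comment }}
# slapd.conf for an OpenLDAP instance that proxies requests to a remote
# directory through back_ldap. No directive below may start with whitespace:
# slapd.conf treats an indented line as a continuation of the previous one.

### Schema includes ###########################################################
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
# Custom schemas: only the file name of each entry is used, so every include
# resolves inside /etc/openldap/schema regardless of the path supplied.
# Presumably the role copies the files there first - confirm.
{% for schema in ldap_proxy_custom_schemas %}
include /etc/openldap/schema/{{ schema | basename }}
{% endfor %}

## Module paths ##############################################################
# NOTE(review): rwm is loaded but no "overlay rwm" appears in this file; drop
# the moduleload if the included ACL file does not use it either.
modulepath /usr/lib64/openldap
moduleload back_ldap
moduleload rwm
moduleload memberof.la

# Main settings ###############################################################
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# TLS for the proxy's own listener (client -> proxy).
# - The key file should be readable by the slapd user only.
# - TLSProtocolMin 3.3 means TLS 1.2 or newer.
# - TLSCipherSuite uses OpenSSL syntax; the exclusions appear to leave only
#   AEAD suites. Check the effective list on the target host with
#   "openssl ciphers -v '<string>'".
# - TLSECName is only honoured by OpenSSL builds of slapd.
# - TLSVerifyClient is not set, so the slapd default (never) applies and
#   clients are not asked for a certificate.
# - Nothing in this file forces clients to use TLS. Unless the listener URLs
#   or a "security" directive (slapd.conf(5)) require it, simple binds over
#   plain ldap:// are still accepted.
TLSCertificateFile {{ ldap_proxy_tls_cert_path }}
TLSCertificateKeyFile {{ ldap_proxy_tls_key_path }}
TLSCACertificateFile {{ ldap_proxy_tls_ca_path }}
TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3:!SHA1:!SHA256:!SHA384
TLSProtocolMin 3.3
TLSECName secp521r1

### Database definition (Proxy to AD) #########################################
# - readonly is emitted only when ldap_proxy_readonly_enabled is true.
# - rebind-as-user makes back_ldap remember the client's bind credentials for
#   rebinds, so they stay in proxy memory for the life of the connection.
# - The uri scheme decides whether the proxy -> backend hop is encrypted.
#   Client passwords are forwarded on that hop: use ldaps:// or the back_ldap
#   "tls" directive with tls_reqcert=demand (slapd-ldap(5)).
# - NOTE(review): memberof is a write-side overlay; confirm it is needed on a
#   proxy whose backend already maintains memberOf.
database ldap
{% if ldap_proxy_readonly_enabled %}
readonly yes
{% endif %}
lastmod off
rebind-as-user
uri "{{ ldap_proxy_server }}"
suffix "{{ ldap_proxy_server_suffix }}"

overlay memberof

### ACL definition ############################################################
# Included after the database line, so the access rules presumably apply to
# the proxy database above - verify. Keep the file writable by root only.
include "{{ ldap_proxy_acl_file }}"

### Logging ###################################################################
# Operator-supplied level; "stats" records connections, operations and
# results, which is the usual baseline for auditing binds through the proxy.
loglevel {{ ldap_proxy_loglevel }}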