Diffstat (limited to 'modules/openldap/templates/slapd.conf')
-rw-r--r-- | modules/openldap/templates/slapd.conf | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/modules/openldap/templates/slapd.conf b/modules/openldap/templates/slapd.conf
index d82fe088..542e54fa 100644
--- a/modules/openldap/templates/slapd.conf
+++ b/modules/openldap/templates/slapd.conf
@@ -29,7 +29,7 @@ include /usr/share/openldap/schema/openssh-lpk_openldap.schema
 pidfile /var/run/ldap/slapd.pid
 argsfile /var/run/ldap/slapd.args
-modulepath <%= lib_dir %>/openldap
+modulepath <%= @lib_dir %>/openldap
 <% if @hostname == 'duvel' then %>
 moduleload back_bdb.la
 <% else %>
@@ -44,9 +44,9 @@ moduleload unique.la
 moduleload dynlist.la
 moduleload constraint.la
-TLSCertificateFile /etc/ssl/openldap/ldap.<%= domain %>.pem
-TLSCertificateKeyFile /etc/ssl/openldap/ldap.<%= domain %>.pem
-TLSCACertificateFile /etc/ssl/openldap/ldap.<%= domain %>.pem
+TLSCertificateFile /etc/ssl/openldap/ldap.<%= @domain %>.pem
+TLSCertificateKeyFile /etc/ssl/openldap/ldap.<%= @domain %>.pem
+TLSCACertificateFile /etc/ssl/openldap/ldap.<%= @domain %>.pem
 # Give ldapi connection some security
 localSSF 56
@@ -60,8 +60,8 @@ loglevel 256
 database monitor
 access to dn.subtree="cn=Monitor"
- by group.exact="cn=LDAP Monitors,ou=System Groups,<%= dc_suffix %>" read
- by group.exact="cn=LDAP Admins,ou=System Groups,<%= dc_suffix %>" read
+ by group.exact="cn=LDAP Monitors,ou=System Groups,<%= @dc_suffix %>" read
+ by group.exact="cn=LDAP Admins,ou=System Groups,<%= @dc_suffix %>" read
 by * none
 <% if @hostname == 'duvel' then %>
@@ -71,9 +71,9 @@ database mdb
 # mdb defaults to 10MB max DB, so we need to hardcode some better value :(
 maxsize 500000000
 <% end %>
-suffix "<%= dc_suffix %>"
+suffix "<%= @dc_suffix %>"
 directory /var/lib/ldap
-rootdn "cn=manager,<%= dc_suffix %>"
+rootdn "cn=manager,<%= @dc_suffix %>"
 checkpoint 256 5
 <% if @hostname == 'duvel' then %>
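Review bot: In the TLS hunk (@@ -44,9), `TLSCertificateFile`, `TLSCertificateKeyFile` and `TLSCACertificateFile` all still resolve to the same `/etc/ssl/openldap/ldap.<%= @domain %>.pem`, so the private key sits in the file that also serves as the certificate and CA bundle. The file's mode and ownership are not visible here. It has to stay readable only by the account slapd runs as, and a client that needs just the CA certificate cannot be pointed at this path. I would move the key to its own file, e.g. `TLSCertificateKeyFile /etc/ssl/openldap/<KEY_FILE_PLACEHOLDER>`, or at least add the comment `# combined cert+key+CA PEM: keep unreadable to anyone but the slapd account`.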
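Review bot: In the monitor ACL hunk (@@ -60,8), `@dc_suffix` renders as an empty string when the variable is not in scope, whereas the bare `dc_suffix` lookup would, as far as I know, have aborted the compile with a missing-value error. That would yield `group.exact="cn=LDAP Admins,ou=System Groups,"` here, and the same applies to `suffix`, `rootdn`, `ppolicy_default` and the `authz-regexp` targets in the later hunks, giving a slapd.conf with malformed DNs instead of a failed run. A guard near the top of the template would keep this fail-closed: `<% raise Puppet::ParseError, "dc_suffix is not set" if @dc_suffix.to_s.empty? %>`. The database section continues outside the hunk.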
@@ -105,7 +105,7 @@ syncprov-checkpoint 100 10
 syncprov-sessionlog 100
 overlay ppolicy
-ppolicy_default "cn=default,ou=Password Policies,<%= dc_suffix %>"
+ppolicy_default "cn=default,ou=Password Policies,<%= @dc_suffix %>"
 ppolicy_hash_cleartext yes
 ppolicy_use_lockout yes
@@ -128,8 +128,8 @@ constraint_attribute sshPublicKey regex "^ssh-(rsa|dss|ed25519) [[:graph:]]+ [[:
 <% if environment == "test" %>
 authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
- "cn=manager,<%= dc_suffix %>"
-authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,<%= dc_suffix %>
+ "cn=manager,<%= @dc_suffix %>"
+authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,<%= @dc_suffix %>
 <% end %>
 include /etc/openldap/mandriva-dit-access.conf |
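Review bot: The guard `<% if environment == "test" %>` in the last hunk (@@ -128,8) is still a bare lookup, the only one left in the visible hunks, so it keeps relying on the bare-name resolution that every other line was moved away from. It matters more than the others because it decides whether the `authz-regexp` lines are emitted at all, and those map the local uid 0/gid 0 peer onto `cn=manager` and SASL users onto `ou=People` entries. I would write it as `<% if @environment == "test" %>` and confirm on a non-test node that the block is absent from the rendered slapd.conf.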