From 3789e852ceef2cdea51e086771a9f89dcddbae4b Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@mageia.org>
Date: Wed, 15 Feb 2012 09:54:37 +0000
Subject: manage /etc/openldap/ldap.conf by puppet

---
 modules/pam/templates/openldap.ldap.conf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 modules/pam/templates/openldap.ldap.conf

(limited to 'modules/pam/templates')

diff --git a/modules/pam/templates/openldap.ldap.conf b/modules/pam/templates/openldap.ldap.conf
new file mode 100644
index 00000000..812538be
--- /dev/null
+++ b/modules/pam/templates/openldap.ldap.conf
@@ -0,0 +1,26 @@
+#BASE   dc=example, dc=com 
+#HOST   ldap.example.com ldap-master.example.com
+#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT      12
+#TIMELIMIT      15 
+#DEREF          never
+
+# SSL/TSL configuration. With CA-signed certs, TLS_REQCERT should be
+# "demand", with the CA certificate accessible 
+#TLS_REQCERT    ([demand],never,allow,try)
+# We ship with allow by default as some LDAP clients (e.g. evolution) have
+# no interactive SSL configuration
+
+TLS_REQCERT     allow
+
+# CA Certificate locations 
+# Use the default self-signed cert generated by openldap-server postinstall
+# by default 
+#TLS_CACERT      /etc/pki/tls/certs/ldap.pem
+#TLS_CACERT     /etc/ssl/openldap/ldap.mageia.org.pem
+
+# If requiring support for certificates signed by all CAs (noting risks
+# pam_ldap if doing DNS-based suffix lookup etc.
+#TLS_CACERTDIR  /etc/pki/tls/rootcerts
+
-- 
cgit v1.2.1