authorBuchan Milne <buchan@mageia.org>2010-11-05 12:19:23 +0000
committerBuchan Milne <buchan@mageia.org>2010-11-05 12:19:23 +0000
commit23fdeab2512c5f7816ddf9315165ba154de1d1e2 (patch)
tree81436e64378b031375d391dc71d210dee5b6927e /modules/openldap/templates/slapd.conf
parent49a9c571bea47c308ebb90140dd3802f0b0b7424 (diff)
Finalise registration ACLs
Restrict anonymous access (to none). Add some additional ACLs to put back some access that previously relied on anonymous. Listen on all IP addresses, and ldapi. Assign localSSF matching ssf requirement, so we allow ldapi, ldaps, ldap+start_tls.
Diffstat (limited to 'modules/openldap/templates/slapd.conf')
-rw-r--r--modules/openldap/templates/slapd.conf8
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/openldap/templates/slapd.conf b/modules/openldap/templates/slapd.conf
index 62f0b67f..ab97aacd 100644
--- a/modules/openldap/templates/slapd.conf
+++ b/modules/openldap/templates/slapd.conf
@@ -40,6 +40,14 @@ TLSCertificateFile /etc/ssl/openldap/ldap.pem
TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
TLSCACertificateFile /etc/ssl/openldap/ldap.pem
+# Give ldapi connection some security
+localSSF 56
+# Require at least this security, so we allow:
+# ldapi
+# ldap+start_tls
+# ldaps
+security ssf=56
+
loglevel 256
database bdb
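Review bot: The floor set by `security ssf=56` is only DES-grade strength, so a TLS session that negotiates a weak or export-era cipher still satisfies it; `security ssf=128` would hold ldaps and StartTLS to modern ciphers. `localSSF 56` looks unnecessary as written, because slapd's default local SSF is 71 and ldapi would already pass a 56 floor, so this line lowers the nominal value and the comment "Give ldapi connection some security" overstates what it does. If the floor is raised, use `localSSF 128` to match and reword the comment to `# Treat ldapi (local socket) as meeting the ssf floor below`. Note that the ssf check rejects an unencrypted simple bind only after the client has sent it, so clients still need to be configured to use StartTLS or ldaps; the listener change named in the commit message is outside this hunk.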