[SUCS Devel] [Git][sucs/sucs][master] Tweak the ldap-server-ssl role to now configure the server to only communicate v…

Imran Hussain imranh at sucs.org
Sun Feb 5 16:31:44 GMT 2017


Imran Hussain pushed to branch master at sucs / SUCS


Commits:
48ceffee by Imran Hussain at 2017-02-05T13:08:46+00:00
Tweak the ldap-server-ssl role to now configure the server to only communicate via tls, starttls or ldaps

- - - - -


2 changed files:

- + ansible/roles/ldap-server-ssl/files/ldaps-force.ldif
- ansible/roles/ldap-server-ssl/tasks/main.yml


Changes:

=====================================
ansible/roles/ldap-server-ssl/files/ldaps-force.ldif
=====================================
--- /dev/null
+++ b/ansible/roles/ldap-server-ssl/files/ldaps-force.ldif
@@ -0,0 +1,4 @@
+dn: cn=config
+changetype:  modify
+replace: olcSecurity
+olcSecurity: tls=1
\ No newline at end of file
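
Review bot: on the olcSecurity: tls=1 line, the value is a minimum security strength factor, and 1 only requires that some TLS layer is present, so weak cipher suites still satisfy it; consider a floor such as tls=128 if all clients support it. Because the operation is replace: olcSecurity, any ssf=, simple_bind= or update_* factors already set on cn=config are dropped, so either carry them over on the same line or confirm none exist. It is also worth checking that any local tooling that talks to slapd over ldapi:// still works once a TLS factor is mandatory, and adding the missing newline at the end of the file.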


=====================================
ansible/roles/ldap-server-ssl/tasks/main.yml
=====================================
--- a/ansible/roles/ldap-server-ssl/tasks/main.yml
+++ b/ansible/roles/ldap-server-ssl/tasks/main.yml
@@ -1,10 +1,18 @@
-- name: copy the ldif
+- name: copy the ldif to enable tls
   copy:
     src: ldaps.ldif
     dest: /tmp
 
-- name: execute the ldif/change
+- name: copy the ldif to force tls
+  copy:
+    src: ldaps-force.ldif
+    dest: /tmp
+
+- name: enable tls
   command: ldapmodify -x -D "cn=admin,dc=sucs,dc=org" -w {{ ldap_password }} -f /tmp/ldaps.ldif
+
+- name: force tls
+  command: ldapmodify -x -D "cn=admin,dc=sucs,dc=org" -w {{ ldap_password }} -f /tmp/ldaps-force.ldif
   
 - name: deploy new sldap file to enable ldaps://
   template:
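
Review bot: in the "enable tls" and "force tls" tasks, ldapmodify is run with -x and neither -ZZ nor an explicit -H ldaps:// URI, so once ldaps-force.ldif has been applied a second run of the role will be refused by the server unless the client's ldap.conf already forces TLS; add -ZZ (or -H) to both commands and guard them with a check so the role is idempotent instead of always reporting changed. The bind password is also passed as -w {{ ldap_password }}, which is unquoted and shows up in the process list and in Ansible's task output: set no_log: true on both tasks and prefer -y with a mode 0600 password file, or at least quote the variable. The copied LDIF files are left in /tmp with no cleanup task.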



View it on GitLab: https://projects.sucs.org/sucs/sucs/commit/48ceffeead6d342a5c317f6ad584572de4a004dd