Skip to content
Snippets Groups Projects
Commit 73dc69c9 authored by Jupiter Hu's avatar Jupiter Hu
Browse files

update default cacert

parent f0c11a22
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/openLdapClient/defaults/main.yml
+ 3
1
View file @ 73dc69c9
...@@ -8,5 +8,7 @@ ldapUserHomeDirectory: "unixHomeDirectory" ...@@ -8,5 +8,7 @@ ldapUserHomeDirectory: "unixHomeDirectory"
ldapUserPricipal: "userPrincipalName" ldapUserPricipal: "userPrincipalName"
ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au" ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au"
tlsCaCertDirectory: "/etc/openldap/certs" tlsCaCertDirectory: "/etc/openldap/certs"
tlsCaCertFile: "ca.pem" tlsCaCertFile: "/etc/openldap/certs/ca.pem"
ldapCaCertFileSource: "/etc/openldap" ldapCaCertFileSource: "/etc/openldap"
cacertFile: "ca.pem"
roles/openLdapClient/templates/sssd.j2
+ 3
1
View file @ 73dc69c9
...@@ -27,7 +27,9 @@ access_provider = ldap ...@@ -27,7 +27,9 @@ access_provider = ldap
ldap_uri = {{ ldapUri }} ldap_uri = {{ ldapUri }}
ldap_id_use_start_tls = True ldap_id_use_start_tls = True
ldap_tls_reqcert = demand ldap_tls_reqcert = allow
ldap_tls_cacertdir = {{ tlsCaCertDirectory }}
ldap_tls_cacert = {{ cacertFile }}
ldap_default_bind_dn = {{ ldapDn }} ldap_default_bind_dn = {{ ldapDn }}
ldap_default_authtok_type = password ldap_default_authtok_type = password
ldap_default_authtok = {{ ldapPassword }} ldap_default_authtok = {{ ldapPassword }}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment