From 73dc69c9fc961bed8711ec886ad00681f872153f Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Wed, 19 Nov 2014 01:39:12 +0000
Subject: [PATCH] update default cacert

---
 roles/openLdapClient/defaults/main.yml | 4 +++-
 roles/openLdapClient/templates/sssd.j2 | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/openLdapClient/defaults/main.yml b/roles/openLdapClient/defaults/main.yml
index 60c8a488..0b046e36 100644
--- a/roles/openLdapClient/defaults/main.yml
+++ b/roles/openLdapClient/defaults/main.yml
@@ -8,5 +8,7 @@ ldapUserHomeDirectory: "unixHomeDirectory"
 ldapUserPricipal: "userPrincipalName"
 ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au"
 tlsCaCertDirectory: "/etc/openldap/certs"
-tlsCaCertFile: "ca.pem"
+tlsCaCertFile: "/etc/openldap/certs/ca.pem"
 ldapCaCertFileSource: "/etc/openldap"
+cacertFile: "ca.pem"
+
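Review bot: The new `cacertFile: "ca.pem"` is a bare filename, but the sssd template in this same commit renders it directly into `ldap_tls_cacert`, which sssd treats as a file path; a relative name will be resolved against sssd's working directory rather than `tlsCaCertDirectory`, so the CA file is unlikely to be found. The line above now already holds the absolute path in `tlsCaCertFile: "/etc/openldap/certs/ca.pem"`, which makes the added variable appear redundant. Either drop `cacertFile` and have the template reference `tlsCaCertFile`, or set `cacertFile: "/etc/openldap/certs/ca.pem"`. If `cacertFile` is intentionally a basename for some other task (not visible here), a comment stating that, e.g. `# basename only; sssd uses the absolute path in tlsCaCertFile`, would prevent it being reused as a path.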
diff --git a/roles/openLdapClient/templates/sssd.j2 b/roles/openLdapClient/templates/sssd.j2
index ce51b423..7db3cc51 100644
--- a/roles/openLdapClient/templates/sssd.j2
+++ b/roles/openLdapClient/templates/sssd.j2
@@ -27,7 +27,9 @@ access_provider = ldap
 
 ldap_uri = {{ ldapUri }} 
 ldap_id_use_start_tls = True
-ldap_tls_reqcert = demand 
+ldap_tls_reqcert = allow 
+ldap_tls_cacertdir = {{ tlsCaCertDirectory }} 
+ldap_tls_cacert = {{ cacertFile }}
 ldap_default_bind_dn = {{ ldapDn }} 
 ldap_default_authtok_type = password
 ldap_default_authtok = {{ ldapPassword }} 
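Review bot: `ldap_tls_reqcert = allow` turns off server certificate verification for this STARTTLS connection: with `allow`, sssd continues even if the server presents no certificate or one that fails validation, so the bind password in `ldap_default_authtok` and every user authentication relayed through this client can be captured by a host impersonating the LDAP server. The two added `ldap_tls_cacert*` lines suggest the underlying problem was that the CA file could not be located under `demand`, and `ldap_tls_cacert = {{ cacertFile }}` still renders as the bare `ca.pem` rather than an absolute path. The defaults in this commit already define the absolute path, so keep the strict setting and point at it: `ldap_tls_reqcert = demand` and `ldap_tls_cacert = {{ tlsCaCertFile }}`. Note also that `ldap_tls_cacertdir` typically requires the directory to hold hash-named certificate links (OpenSSL `c_rehash` layout), which a single `ca.pem` file does not provide, so `ldap_tls_cacert` is the option that needs to be correct here.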
-- 
GitLab