add ca certificate definition in saslauthd configuration

David Coutadeur · David Coutadeur · commit a8e5b8fdbf3e · 2025-01-29T17:31:56.000+01:00
diff --git a/playbook/group_vars/prod.yml b/playbook/group_vars/prod.yml
@@ -47,3 +47,4 @@ ldaptoolbox_openldap_sasl_suffix: "dc=my-organization,dc=com"
 ldaptoolbox_openldap_sasl_servers: "ldap://localhost"
 ldaptoolbox_openldap_sasl_binddn: "cn=saslaccount,dc=my-domain,dc=com"
 ldaptoolbox_openldap_sasl_bindpw: "{{ ldaptoolbox_openldap_sasl_bindpw_vault }}"
+#ldaptoolbox_openldap_sasl_ca: "/usr/local/openldap/etc/openldap/certs/ca.crt"
diff --git a/templates/etc/saslauthd.conf.j2 b/templates/etc/saslauthd.conf.j2
@@ -19,6 +19,9 @@ ldap_password: {{ ldaptoolbox_openldap_sasl_bindpw }}
 
 # others
 # ----------------------------------
+{% if ldaptoolbox_openldap_sasl_ca is defined and ldaptoolbox_openldap_sasl_ca %}
+ldap_tls_cacert_file: {{ ldaptoolbox_openldap_sasl_ca }}
+{% endif %}
 ldap_deref: never
 ldap_restart: yes
 ldap_scope: sub
