ldif

BertrandGouny · BertrandGouny · commit 396ac9b00588 · 2015-08-01T21:32:40.000+02:00
diff --git a/image/env.yaml b/image/env.yaml
@@ -8,7 +8,7 @@ LDAP_DOMAIN: example.org
 LDAP_ADMIN_PASSWORD: admin
 LDAP_CONFIG_PASSWORD: config
 
-# TLS
+# tls
 LDAP_TLS: true
 LDAP_TLS_CRT_FILENAME: ldap.crt
 LDAP_TLS_KEY_FILENAME: ldap.key
@@ -23,7 +23,7 @@ LDAP_REPLICATION: false
 # adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_HDB_SYNCPROV to your configuration
 # avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
 LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1 starttls=critical
-LDAP_REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1  starttls=critical
+LDAP_REPLICATION_HDB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1 starttls=critical
 LDAP_REPLICATION_HOSTS:
   - ldap://ldap.example.org # The order must be the same on all ldap servers
   - ldap://ldap2.example.org
diff --git a/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif b/image/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
@@ -3,8 +3,5 @@ changetype: modify
 delete: olcAccess
 -
 add: olcAccess
-olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous auth by * none
--
-add: olcAccess
-olcAccess: {1}to * by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by * none
--
+olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous auth by * none
+olcAccess: to * by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by * none
diff --git a/image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif b/image/service/slapd/assets/config/bootstrap/ldif/04-index.ldif
@@ -3,6 +3,7 @@ dn: olcDatabase={1}hdb,cn=config
 changetype:  modify
 replace: olcDbIndex
 olcDbIndex: uid eq
+olcDbIndex: mail eq
 olcDbIndex: memberOf eq
 olcDbIndex: entryCSN eq
 olcDbIndex: entryUUID eq
diff --git a/image/service/slapd/assets/config/readonly-user/readonly-user-acl.ldif b/image/service/slapd/assets/config/readonly-user/readonly-user-acl.ldif
@@ -3,8 +3,5 @@ changetype: modify
 delete: olcAccess
 -
 add: olcAccess
-olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous auth by * none
--
-add: olcAccess
-olcAccess: {1}to * by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by dn="cn={{ LDAP_READONLY_USERNAME }},{{ LDAP_BASE_DN }}" read by * none
--
+olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous auth by * none
+olcAccess: to * by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by dn="cn={{ LDAP_READONLY_USERNAME }},{{ LDAP_BASE_DN }}" read by * none
diff --git a/image/service/slapd/assets/config/tls/tls-enable.ldif b/image/service/slapd/assets/config/tls/tls-enable.ldif
@@ -3,6 +3,9 @@ changetype: modify
 replace: olcTLSCipherSuite
 olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
 -
+replace: olcTLSProtocolMin
+olcTLSProtocolMin: 3.1
+-
 replace: olcTLSCACertificateFile
 olcTLSCACertificateFile: /container/service/slapd/assets/certs/{{ LDAP_TLS_CA_CRT_FILENAME }}
 -

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,9 @@ changetype: modify`
`3`	`3`	`replace: olcTLSCipherSuite`
`4`	`4`	`olcTLSCipherSuite: SECURE256:-VERS-SSL3.0`
`5`	`5`	`-`
	`6`	`+replace: olcTLSProtocolMin`
	`7`	`+olcTLSProtocolMin: 3.1`
	`8`	`+-`
`6`	`9`	`replace: olcTLSCACertificateFile`
`7`	`10`	`olcTLSCACertificateFile: /container/service/slapd/assets/certs/{{ LDAP_TLS_CA_CRT_FILENAME }}`
`8`	`11`	`-`