author | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-03 08:37:38 -0400 |
---|---|---|
committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-03 08:37:38 -0400 |
commit | 47f90d0916ac34ef132e3bb6da92a4a67dffbba8 (patch) | |
tree | 764a6aee2dea7a69096eba27c4264776f8190380 /files/usr/local/etc/openldap | |
parent | ee583b5929925b2e9658385430da4f73b4883287 (diff) | |
download | infrastructure-47f90d0916ac34ef132e3bb6da92a4a67dffbba8.tar.gz |
add postfix/rspamd
Diffstat (limited to 'files/usr/local/etc/openldap')
-rw-r--r-- | files/usr/local/etc/openldap/ldap.conf.common | 4 | ||||
-rw-r--r-- | files/usr/local/etc/openldap/ldap.conf.idm_server | 4 | ||||
-rw-r--r-- | files/usr/local/etc/openldap/slapd.ldif.idm_server | 14 |
3 files changed, 13 insertions, 9 deletions
diff --git a/files/usr/local/etc/openldap/ldap.conf.common b/files/usr/local/etc/openldap/ldap.conf.common
index b56dc94..2be3425 100644
--- a/files/usr/local/etc/openldap/ldap.conf.common
+++ b/files/usr/local/etc/openldap/ldap.conf.common
@@ -7,3 +7,7 @@ SASL_REALM ${realm}
 GSSAPI_SIGN yes
 GSSAPI_ENCRYPT yes
 SUDOERS_BASE ${sudo_basedn}
+ACCOUNTS_BASE ${accounts_basedn}
+USERS_BASE ${users_basedn}
+GROUPS_BASE ${groups_basedn}
+HOSTS_BASE ${hosts_basedn}
diff --git a/files/usr/local/etc/openldap/ldap.conf.idm_server b/files/usr/local/etc/openldap/ldap.conf.idm_server
index a3e18f2..2e77244 100644
--- a/files/usr/local/etc/openldap/ldap.conf.idm_server
+++ b/files/usr/local/etc/openldap/ldap.conf.idm_server
@@ -7,3 +7,7 @@ SASL_REALM ${realm}
 GSSAPI_SIGN yes
 GSSAPI_ENCRYPT yes
 SUDOERS_BASE ${sudo_basedn}
+ACCOUNTS_BASE ${accounts_basedn}
+USERS_BASE ${users_basedn}
+GROUPS_BASE ${groups_basedn}
+HOSTS_BASE ${hosts_basedn}
diff --git a/files/usr/local/etc/openldap/slapd.ldif.idm_server b/files/usr/local/etc/openldap/slapd.ldif.idm_server
index d63641e..894d159 100644
--- a/files/usr/local/etc/openldap/slapd.ldif.idm_server
+++ b/files/usr/local/etc/openldap/slapd.ldif.idm_server
@@ -17,7 +17,7 @@ $(echo "$idm_server_list" | while read -r _hostname id ipv4; do
 echo "olcServerID: ${id} ldaps://${ipv4}/"
 done)
 olcAuthzRegexp: {0}^gidNumber=[0-9]+\+uidNumber=0,cn=peercred,cn=external,cn=auth$ ${slapd_root_dn}
-olcAuthzRegexp: {1}^gidNumber=[0-9]+\+uidNumber=([^,]+),cn=peercred,cn=external,cn=auth$ ldap:///${accounts_basedn}??sub?(uidNumber=\$1)
+olcAuthzRegexp: {1}^gidNumber=[0-9]+\+uidNumber=([^,]+),cn=peercred,cn=external,cn=auth$ ldap:///${users_basedn}??sub?(uidNumber=\$1)
 olcAuthzRegexp: {2}^uid=([^,]+),cn=(gssapi|plain|login),cn=auth$ ldap:///${accounts_basedn}??sub?(krbPrincipalName=\$1@${realm})
 
 # Load dynamic modules.
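Review bot: The four keys added at the end of ldap.conf.common (`ACCOUNTS_BASE`, `USERS_BASE`, `GROUPS_BASE`, `HOSTS_BASE`) carry no comment saying what reads them. As far as I know none of them is a libldap option, so they are presumably consumed by site tooling, much as `SUDOERS_BASE` is consumed by sudo. A one-line comment above them, for example `# Site-specific search bases read by local tooling, not by libldap` (confirm the actual consumer), would keep a later cleanup from treating them as typos. The same four lines are added verbatim to ldap.conf.idm_server in the next hunk, so the comment applies there as well.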
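Review bot: Rule `{1}` on the changed line still captures the peer uid with `([^,]+)` and substitutes it into the search filter `(uidNumber=\$1)`; since the gidNumber half of the same pattern already uses `[0-9]+`, the capture should be `([0-9]+)` so that only digits can ever reach the filter. For peercred identities the value presumably comes from the socket's peer credentials, so this is hardening rather than a known hole. Narrowing the search base to `${users_basedn}` also means a local process whose uidNumber exists only on an entry outside that subtree is no longer mapped, which deserves a short comment above the rule if it is intended. Rule `{2}` on the following context line uses the same `([^,]+)` capture for names arriving over gssapi/plain/login and merits the same review. The enclosing config entry starts outside the hunk.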
@@ -196,15 +196,11 @@ dn: olcOverlay={3}unique,olcDatabase={1}mdb,cn=config
 objectClass: olcOverlayConfig
 objectClass: olcUniqueConfig
 olcOverlay: unique
-olcUniqueURI: ldap:///${accounts_basedn}?uid?sub
-olcUniqueURI: ldap:///${accounts_basedn}?uidNumber?sub
+olcUniqueURI: ldap:///${users_basedn}?uid,uidNumber?sub
+olcUniqueURI: ldap:///${groups_basedn}?cn,gidNumber?sub
 olcUniqueURI: ldap:///${accounts_basedn}?krbPrincipalName?sub
-olcUniqueURI: ldap:///${accounts_basedn}?mail?sub
-olcUniqueURI: ldap:///${accounts_basedn}?mailAddress,mailAlternateAddress,mailPrivateAddress,mailContactAddress?sub
-olcUniqueURI: ldap:///${groups_basedn}?cn?sub
-olcUniqueURI: ldap:///${groups_basedn}?gidNumber?sub
-olcUniqueURI: ldap:///${hosts_basedn}?cn,dc?sub
-olcUniqueURI: ldap:///${services_basedn}?cn?sub
+olcUniqueURI: ldap:///${accounts_basedn}?mail,mailAddress,mailAlternateAddress,mailPrivateAddress,mailContactAddress?sub
+olcUniqueURI: ldap:///${hosts_basedn}?cn,dc,associatedDomain?sub
 olcUniqueURI: ldap:///${sudo_basedn}?cn?sub
 olcUniqueURI: ldap:///${dns_basedn}?associatedDomain?sub
 
|
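Review bot: The rewritten `olcUniqueURI` list loosens two constraints without a stated reason: `${services_basedn}?cn?sub` is removed with no replacement, and uid/uidNumber uniqueness now covers only `${users_basedn}` instead of `${accounts_basedn}`. If service or other non-user entries live under the accounts subtree (not visible here), a duplicate uid or uidNumber there would no longer be rejected, and any lookup that resolves an identity by those attributes across the whole subtree could become ambiguous. If the narrowing is intended, record that in a comment above the list; otherwise keep `olcUniqueURI: ldap:///${services_basedn}?cn?sub` and an accounts-wide uid/uidNumber check alongside the new lines. The overlay entry begins outside the hunk; its `dn:` appears only in the hunk header.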