diff --git a/recipes/default.rb b/recipes/default.rb
index 0b8b52c..7240802 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -33,7 +33,7 @@
 end
 else
 template '/etc/sysconfig/ldap' do
- source 'sysconfig_slapd.erb'
+ source 'sysconfig_ldap.erb'
 end
 end
 when 'suse'
diff --git a/templates/default/sysconfig_ldap.erb b/templates/default/sysconfig_ldap.erb
new file mode 100644
index 0000000..cceabea
--- /dev/null
+++ b/templates/default/sysconfig_ldap.erb
@@ -0,0 +1,37 @@
+## Generated by Chef. Do not hand edit
+## based on CentOS 6 defaults
+
+# Options of slapd (see man slapd)
+SLAPD_OPTIONS="-f /etc/openldap/slapd.conf"
+
+# At least one of SLAPD_LDAP, SLAPD_LDAPI and SLAPD_LDAPS must be set to 'yes'!
+#
+# Run slapd with -h "... ldap:/// ..."
+# yes/no, default: yes
+SLAPD_LDAP=yes
+
+# Run slapd with -h "... ldapi:/// ..."
+# yes/no, default: yes
+SLAPD_LDAPI=yes
+
+# Run slapd with -h "... ldaps:/// ..."
+# yes/no, default: no
+<% if node['openldap']['ldaps_enabled'] -%>
+SLAPD_LDAPS=yes
+<% else -%>
+SLAPD_LDAPS=no
+<% end -%>
+
+# Run slapd with -h "... $SLAPD_URLS ..."
+# This option could be used instead of previous three ones, but:
+# - it doesn't overwrite settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
+# - it isn't overwritten by settings of $SLAPD_LDAP, $SLAPD_LDAPS and $SLAPD_LDAPI options
+# example: SLAPD_URLS="ldapi:///var/lib/ldap_root/ldapi ldapi:/// ldaps:///"
+# default: empty
+#SLAPD_URLS=""
+
+# Maximum allowed time to wait for slapd shutdown on 'service ldap stop' (in seconds)
+#SLAPD_SHUTDOWN_TIMEOUT=3
+
+# Parameters to ulimit, use to change system limits for slapd
+#SLAPD_ULIMIT_SETTINGS=""
diff --git a/templates/default/sysconfig_slapd.erb b/templates/default/sysconfig_slapd.erb
index 80ecdc8..9313aac 100644
--- a/templates/default/sysconfig_slapd.erb
+++ b/templates/default/sysconfig_slapd.erb
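Review bot: `SLAPD_LDAP=yes` is hard-coded in the new sysconfig_ldap.erb, so the cleartext `ldap:///` listener stays enabled even when `node['openldap']['ldaps_enabled']` is true; only `SLAPD_LDAPS` follows the attribute. Unless StartTLS or a minimum security strength is enforced in slapd.conf (not visible in this diff), simple binds on that listener send credentials unencrypted. Consider driving the line from an attribute the cookbook would add, defaulting to today's behaviour, e.g. `SLAPD_LDAP=<%= node['openldap']['PLAINTEXT_ATTR_PLACEHOLDER'] ? 'yes' : 'no' %>`. The same applies to both `SLAPD_URLS` lines in sysconfig_slapd.erb, which always include `ldap:///`.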
@@ -1,5 +1,6 @@
-# Generated by Chef. Do not hand edit
-#
+## Generated by Chef. Do not hand edit
+## based on CentOS 7 defaults
+
 # OpenLDAP server configuration
 # see 'man slapd' for additional information
@@ -9,17 +10,13 @@
 # - default: ldapi:/// ldap:///
 # - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
 <% if node['openldap']['ldaps_enabled'] -%>
-SLAPD_URLS="ldapi:/// ldap:/// ldaps:///"
+SLAPD_URLS="ldap:/// ldapi:/// ldaps:///"
 <% else -%>
-SLAPD_URLS="ldapi:/// ldap:///"
+SLAPD_URLS="ldap:/// ldapi:///"
 <% end -%>
 # Any custom options
-<% if node['platform'] == "centos" or node['platform'] == "amazon" -%>
 SLAPD_OPTIONS="-f /etc/openldap/slapd.conf"
-<% else %>
-SLAPD_OPTIONS=""
-<% end -%>
 # Keytab location for GSSAPI Kerberos authentication
 #KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
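Review bot: With the platform conditional removed in the second hunk, `SLAPD_OPTIONS="-f /etc/openldap/slapd.conf"` is rendered for every platform that receives sysconfig_slapd.erb, where previously only centos and amazon got it and all others got an empty value. A host that used to start slapd with empty options would now be forced onto the flat file, so access-control or TLS settings kept in any other configuration source would stop applying; whether such a platform actually uses this template is not visible in the diff. If the change is intended, state it in the template, e.g. `# slapd is always started with -f; configuration outside /etc/openldap/slapd.conf is ignored`, and confirm the recipe manages that file on every platform that reaches this branch.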