mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
94f23ee647
ldap: Add client certificate support (#6668)
* Set up secure ldap server
* ldap: Added client cert options
Shamelessly copied from https://github.com/andrewshulgin/ldap_search
* Added tests for ldap client authentication
* Add changelog fragment
* Make sure the openssl commands work on older versions of openssl
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove aliases for new arguments
* Add required_together to ldap module declarations
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f3ecf4c7f8)
Co-authored-by: Gnonthgol <gnonthgol+github@gmail.com>
15 lines
407 B
Text
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /usr/local/share/ca-certificates/ca.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/localhost.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/localhost.key
-
add: olcAuthzRegexp
olcAuthzRegexp: {0}"UID=([^,]*)" uid=$1,ou=users,dc=example,dc=com
-
add: olcTLSVerifyClient
olcTLSVerifyClient: allow