---
# Structure file declaring the variables of an OpenLDAP service: a "server"
# family (directory endpoint) and a "client" family (bind identity, DNs and
# the client configuration file path). Most values are hidden and computed
# from Jinja expressions; "_." refers to the enclosing family and "__." to its
# parent, as the cross-references below show.
# NOTE(review): the supplier/provider keys and the filters used below
# (get_ip, get_password, get_default_base_dn, ...) are defined by the
# consuming tool, not in this file - confirm their semantics there.

# NOTE(review): unquoted, so a generic YAML parser reads this as the float
# 1.1 - confirm the consumer accepts that rather than the string '1.1'.
version: 1.1

ldap:  # OpenLDAP directory

  server:  # Server

    # Domain name of the directory server; exposed under the "LDAP" supplier.
    address:
      type: domainname
      hidden: true
      supplier: LDAP

    # IP address computed by passing the "zones" information and the
    # server's address to the get_ip filter.
    ip:
      type: ip
      default:
        jinja: >-
          {{ zones | get_ip(_.address) }}
        params:
          zones:
            information: zones
      hidden: true

    # 636 is the registered LDAPS (LDAP over TLS) port. Whether TLS and
    # certificate verification are actually enforced depends on the
    # templates that consume this value, not on this file.
    port:
      type: port
      default: 636
      hidden: true

    # Value taken from the global:prefix_domain_name provider; used below to
    # build the default base DN.
    prefix_domain_name:
      hidden: true
      provider: global:prefix_domain_name

  client:  # Client

    # Optional restriction of the service configuration to one LDAP family.
    family:
      description: Restrict service configuration for a LDAP family
      help: '"all" for all families.'
      type: unix_user
      mandatory: false
      supplier: LDAP:family

    # Bind DN of the client account: cn=<client address>,<base DN>.
    # NOTE(review): both parts are concatenated as-is; confirm that values
    # containing DN special characters (",", "+", "=", ...) cannot reach
    # this template or are escaped elsewhere.
    user:
      type: string
      default:
        jinja: |-
          cn={{ _.address }},{{ _.base_dn }}
      hidden: true
      supplier: LDAP:dn

    # Client address computed from the server IP plus the network and
    # domain_name of a general.network.interface_<suffix> family.
    # NOTE(review): "suffix" is not defined in this file - presumably it is
    # supplied by the surrounding context; confirm.
    address:
      default:
        jinja: >-
          {{ __.server.ip |
             get_client_address(domain_name, network) }}
        params:
          network:
            variable: >-
              general.network.interface_{{ suffix }}.network
          domain_name:
            variable: >-
              general.network.interface_{{ suffix }}.domain_name
      hidden: true

    # Bind password for the account above, obtained from get_password keyed
    # on the bind DN and the server address. The call requests
    # type="cleartext", so the computed value is presumably the usable
    # password rather than a hash.
    # NOTE(review): confirm every file or template that renders this
    # variable is readable only by its intended owner, and that
    # hide=general.hide_secret is enabled wherever the configuration can be
    # displayed or exported. The effect of temporary=true is defined by the
    # helper and is not visible here.
    user_password:
      type: secret
      default:
        jinja: >-
          {{ _.user | get_password(server_name=__.server.address,
                                   description="remote account",
                                   type="cleartext",
                                   hide=general.hide_secret,
                                   temporary=true)
          }}
      hidden: true
      supplier: LDAP:password

    # Root base DN. The validator emits an error message unless the value
    # starts with "o=", "dc=" or "ou="; an empty result means valid.
    # The flag lives in a dict mutated with update() because an assignment
    # made inside a Jinja for-loop is not visible after the loop.
    # Only the leading attribute type is checked; the rest of the DN is not
    # validated here.
    base_dn:
      type: string
      validators:
        - jinja: >-
            {%- set var = {'ok': false} -%}
            {%- for att in ['o', 'dc', 'ou'] -%}
              {%- if _.base_dn.startswith(att + '=') -%}
                {%- set var = var.update({'ok': true}) -%}
              {%- endif -%}
            {%- endfor -%}
            {%- if not var.ok -%}
              {%- set e = "the root LDAP base DN must starts with an " -%}
              {%- set e = e + "organisation (o=), a domain componant (dc=) " -%}
              {%- set e = e + "or an organizational unit (ou=)" -%}
              {{ e }}
            {%- endif -%}
          description: >-
            if LDAP base DN starts with an organisation (o=), a domain componant
            (dc=) or an organizational unit (ou=)
      default:
        jinja: >-
          {{ __.server.prefix_domain_name | get_default_base_dn }}
      hidden: true
      supplier: LDAP:base_dn

    # Search base for accounts: the "accounts" OU directly under base_dn.
    search_dn:
      default:
        jinja: >-
          ou=accounts,{{ _.base_dn }}
      hidden: true

    # Group and user base DNs, both derived from base_dn by
    # calc_ldapclient_base_dn (group=true selects the group variant).
    group_dn:
      type: string
      default:
        jinja: >-
          {{ _.base_dn | calc_ldapclient_base_dn(group=true) }}
      hidden: true

    user_dn:
      type: string
      default:
        jinja: >-
          {{ _.base_dn | calc_ldapclient_base_dn }}
      hidden: true

    # Unix owner of the key file; defaults to root.
    # NOTE(review): the key file itself is not declared in this file.
    key_file_owner:
      type: unix_user
      default: root
      hidden: true

    # Path of the LDAP client configuration file: the Debian location when
    # general.os_name is 'Debian', the /etc/openldap location otherwise.
    file:
      type: unix_filename
      default:
        jinja: >-
          {%- if general.os_name == 'Debian' -%}
          /etc/ldap/ldap.conf
          {%- else -%}
          /etc/openldap/ldap.conf
          {%- endif -%}
      hidden: true