summaryrefslogtreecommitdiffstats
path: root/roles/common-LDAP
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-07-07 16:37:20 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:38 +0200
commitddf4de6593756993f859c020bc6db046ca869846 (patch)
tree722378f05e125de523d1dd9c4eb178699323a725 /roles/common-LDAP
parent889def3fa23e168515b7467b7711bbacae08d0da (diff)
Add note how to test SASL EXTERNAL authentication via TLS.
Diffstat (limited to 'roles/common-LDAP')
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j23
1 files changed, 3 insertions, 0 deletions
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index cba0eb0..308bece 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -132,6 +132,9 @@ olcLimits: dn.exact="cn=lists,ou=replicates,o=mailHosting,dc=fripost,dc=org"
{% endif %}
{% endif %}
{% if 'MX' in group_names and 'LDAP-provider' not in group_names %}
+# Test it:
+# LDAPSASL_MECH=external LDAPTLS_CACERT=/etc/ldap/ssl/ldap.fripost.org.pem LDAPTLS_CERT=/etc/ldap/ssl/mx.pem LDAPTLS_KEY=/etc/ldap/ssl/mx.key sudo -u openldap ldapwhoami -H ldaps://ldap.fripost.org/
+# LDAPSASL_MECH=external LDAPTLS_CACERT=/etc/ldap/ssl/ldap.fripost.org.pem LDAPTLS_CERT=/etc/ldap/ssl/mx.pem LDAPTLS_KEY=/etc/ldap/ssl/mx.key sudo -u openldap ldapsearch -H ldaps://ldap.fripost.org/ -b ou=virtual,o=mailHosting,dc=fripost,dc=org
olcSyncrepl: rid=000
provider=ldaps://ldap.fripost.org
type=refreshAndPersist