| Field | Value | Date |
|---|---|---|
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-06-05 17:30:00 +0200 |
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-06-05 17:33:25 +0200 |
| commit | 17d7427e0bc5e61ee10e28cbc5cba5b8a7566d58 | |
| tree | 00dc894e22ab7221e908faeac98095835b0a0782 /roles/webmail/tasks/ldap.yml | |
| parent | 57e40efc54c230566fd5f6bd10d25692709909b7 | |

Use stunnel to secure the connection from the webmail to ldap.fripost.org.
We should use IPSec instead, but doing so would force us to weaken
slapd.conf's ‘security’ setting.
Diffstat (limited to 'roles/webmail/tasks/ldap.yml')
-rw-r--r-- | roles/webmail/tasks/ldap.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/webmail/tasks/ldap.yml b/roles/webmail/tasks/ldap.yml new file mode 100644 index 0000000..6df3324 --- /dev/null +++ b/roles/webmail/tasks/ldap.yml @@ -0,0 +1,32 @@ +- name: Create /etc/stunnel/certs + file: path=/etc/stunnel/certs + state=directory + owner=root group=root + mode=0755 + +- name: Copy the ldap's X.509 certificate + copy: src=certs/ldap/ldap.fripost.org.pem + dest=/etc/stunnel/certs/ldap.pem + owner=root group=root + mode=0644 + register: r1 + notify: + - Restart stunnel@ldap + +- name: Configure stunnel + copy: src=etc/stunnel/ldap.conf + dest=/etc/stunnel/ldap.conf + owner=root group=root + mode=0644 + register: r2 + notify: + - Restart stunnel@ldap + +- name: Enable stunnel@ldap + service: name=stunnel4@ldap enabled=yes + +- name: Start stunnel@ldap + service: name=stunnel4@ldap state=started + when: not (r1.changed or r2.changed) + +- meta: flush_handlers |
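
Review bot: the "Start stunnel@ldap" task is skipped whenever r1 or r2 changed (`when: not (r1.changed or r2.changed)`), so on a first deployment the tunnel only comes up through the "Restart stunnel@ldap" handler at `meta: flush_handlers`. That handler is not part of this file, so please confirm it acts on stunnel4@ldap with state=restarted, which also starts a stopped unit; otherwise the webmail is left without its LDAP tunnel after the first run. Two smaller points: the task and handler names say stunnel@ldap while the service module is given stunnel4@ldap, and aligning them would make the logs easier to follow; and copying ldap.fripost.org.pem to /etc/stunnel/certs/ldap.pem only protects the connection if etc/stunnel/ldap.conf references that file with peer verification enabled, which this diff (limited to tasks/ldap.yml) does not show, so a comment on the "Configure stunnel" task stating that dependency would help.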