From 17d7427e0bc5e61ee10e28cbc5cba5b8a7566d58 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 5 Jun 2016 17:30:00 +0200
Subject: Use stunnel to secure the connection from the webmail to
 ldap.fripost.org.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We should use IPSec instead, but doing so would force us to weaken
slapd.conf's ‘security’ setting.
---
 roles/common/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)

(limited to 'roles/common/tasks/main.yml')

diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 04681bd..e419bf3 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -15,6 +15,7 @@
 
 - include: stunnel.yml
   tags: stunnel
+  when: "'webmail' in group_names and ('LDAP-provider' not in group_names or 'out' not in group_names)"
 - include: samhain.yml
   tags: samhain
 - include: auditd.yml
-- 
cgit v1.2.3