authorAlex <alex@adnab.me>2020-02-11 23:35:53 +0100
committerGitea <gitea@fake.local>2020-02-11 23:35:53 +0100
commit9e5839765a5578fb3ca63fbe55eeba96c14969b6 (patch)
tree1a2b518ccd68cdd0fe2530041b28bfc910760eb0 /consul
parent535d1c3aba902ec644387cb41fc7cc0bcf86fae0 (diff)
parent91032944ee47ed6b6eeb674266ec64bedeac37b7 (diff)
downloadinfrastructure-9e5839765a5578fb3ca63fbe55eeba96c14969b6.tar.gz
infrastructure-9e5839765a5578fb3ca63fbe55eeba96c14969b6.zip
Merge branch 'bottin2_upgrade' of Deuxfleurs/deuxfleurs.fr into master
Diffstat (limited to 'consul')
-rw-r--r--consul/configuration/chat/synapse/homeserver.yaml2
-rw-r--r--consul/configuration/directory/bottin/config.json3
-rw-r--r--consul/configuration/email/dovecot/dovecot-ldap.conf.tpl (renamed from consul/configuration/email/dovecot/dovecot-ldap.conf.sample)6
-rw-r--r--consul/configuration/email/postfix/ldap-account.cf.sample12
-rw-r--r--consul/configuration/email/postfix/ldap-account.cf.tpl12
-rw-r--r--consul/configuration/email/postfix/ldap-alias.cf.tpl (renamed from consul/configuration/email/postfix/ldap-alias.cf.sample)6
-rw-r--r--consul/configuration/email/sogo/sogo.conf.tpl2
7 files changed, 22 insertions, 21 deletions
diff --git a/consul/configuration/chat/synapse/homeserver.yaml b/consul/configuration/chat/synapse/homeserver.yaml
index 9e0e97f..c54d4a0 100644
--- a/consul/configuration/chat/synapse/homeserver.yaml
+++ b/consul/configuration/chat/synapse/homeserver.yaml
@@ -378,7 +378,7 @@ password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
config:
enabled: true
- uri: "ldap://bottin.service.2.cluster.deuxfleurs.fr:389"
+ uri: "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389"
start_tls: false
bind_dn: '{{ key "secrets/chat/synapse/ldap_binddn" | trimSpace }}'
bind_password: '{{ key "secrets/chat/synapse/ldap_bindpw" | trimSpace }}'
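Review bot: The bind password read from `secrets/chat/synapse/ldap_bindpw` is sent over unencrypted LDAP, because the updated `uri` keeps the `ldap://` scheme on port 389 and the context line after it leaves `start_tls: false`. The same holds for the other files this commit points at bottin2: `postfix/ldap-account.cf.tpl` (`start_tls = no`), `sogo.conf.tpl` (`ldap://…:389`), and, as far as the visible lines show, `dovecot-ldap.conf.tpl` and `postfix/ldap-alias.cf.tpl`, which set no TLS option. If bottin2 can offer StartTLS, set `start_tls: true` here. If the cluster network already encrypts this traffic, a comment next to `start_tls` saying so would record why plaintext is acceptable. The `password_providers` block continues outside the hunk.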
diff --git a/consul/configuration/directory/bottin/config.json b/consul/configuration/directory/bottin/config.json
index ca49922..93d95c9 100644
--- a/consul/configuration/directory/bottin/config.json
+++ b/consul/configuration/directory/bottin/config.json
@@ -9,6 +9,7 @@
"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*",
"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
- "ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:"
+ "ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
+ "*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*"
]
}
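Review bot: The added ACL entry ends its attribute field with `*`, while both existing `bind` rules above it leave that field empty. If the field is ignored for `bind` this is only an inconsistency, but if it is honoured the rule grants more than the anonymous rules do. Its target `*,ou=users,dc=deuxfleurs,dc=fr` also appears to cover the `ou=services,ou=users` subtree, so every service account would be allowed to attempt a bind as any other service account as well as any user; that should be confirmed as intended. If not, the rule could be written as `"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:"` or given a narrower target. JSON has no comment syntax, so the reason for the rule belongs in the commit message or the directory README.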
diff --git a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
index 4848d6e..9fb1ea6 100644
--- a/consul/configuration/email/dovecot/dovecot-ldap.conf.sample
+++ b/consul/configuration/email/dovecot/dovecot-ldap.conf.tpl
@@ -1,6 +1,6 @@
-hosts = bottin.service.2.cluster.deuxfleurs.fr
-dn = cn=<username>,dc=deuxfleurs,dc=fr
-dnpass = <password>
+hosts = bottin2.service.2.cluster.deuxfleurs.fr
+dn = {{ key "secrets/email/dovecot/ldap_binddn" | trimSpace }}
+dnpass = {{ key "secrets/email/dovecot/ldap_bindpwd" | trimSpace }}
base = dc=deuxfleurs,dc=fr
scope = subtree
user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=deuxfleurs,dc=fr)))
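Review bot: The secret key names are inconsistent across services: the added `dnpass` line reads `secrets/email/dovecot/ldap_bindpwd`, and both Postfix templates use the same `_bindpwd` suffix, while the Synapse config in the first hunk reads `secrets/chat/synapse/ldap_bindpw`. consul-template's `key` waits for the key to exist before rendering, so a mistyped suffix at provisioning time tends to appear as a service that never starts rather than as an error; settling on one suffix would avoid that. The rendered file will hold the bind password in clear, so it is worth confirming that the job writes it readable only by the Dovecot user. The file continues past the end of this hunk.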
diff --git a/consul/configuration/email/postfix/ldap-account.cf.sample b/consul/configuration/email/postfix/ldap-account.cf.sample
deleted file mode 100644
index 1b90252..0000000
--- a/consul/configuration/email/postfix/ldap-account.cf.sample
+++ /dev/null
@@ -1,12 +0,0 @@
-bind = yes
-bind_dn = cn=<user>,dc=deuxfleurs,dc=fr
-bind_pw = <secret>
-version = 3
-timeout = 20
-start_tls = no
-tls_require_cert = no
-server_host = ldap://bottin.service.2.cluster.deuxfleurs.fr
-scope = sub
-search_base = ou=users,dc=deuxfleurs,dc=fr
-query_filter = mail=%s
-result_attribute = mail
diff --git a/consul/configuration/email/postfix/ldap-account.cf.tpl b/consul/configuration/email/postfix/ldap-account.cf.tpl
new file mode 100644
index 0000000..2575f10
--- /dev/null
+++ b/consul/configuration/email/postfix/ldap-account.cf.tpl
@@ -0,0 +1,12 @@
+bind = yes
+bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
+bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
+version = 3
+timeout = 20
+start_tls = no
+tls_require_cert = no
+server_host = ldap://bottin2.service.2.cluster.deuxfleurs.fr
+scope = sub
+search_base = ou=users,dc=deuxfleurs,dc=fr
+query_filter = mail=%s
+result_attribute = mail
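Review bot: `tls_require_cert = no` on the added line turns off server-certificate verification, so enabling `start_tls` later would still leave Postfix unable to tell bottin2 from an impersonating directory server. The values are carried over unchanged from the deleted `.sample` file, but this template is now the live configuration and carries a real bind password from `secrets/email/postfix/ldap_bindpwd`. Once bottin2 presents a certificate the mail host trusts, change the two lines together to `start_tls = yes` and `tls_require_cert = yes`. Until then, a short `#` comment above `start_tls` stating that plaintext is deliberate would help the next reader.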
diff --git a/consul/configuration/email/postfix/ldap-alias.cf.sample b/consul/configuration/email/postfix/ldap-alias.cf.tpl
index 8ed3361..775c0ad 100644
--- a/consul/configuration/email/postfix/ldap-alias.cf.sample
+++ b/consul/configuration/email/postfix/ldap-alias.cf.tpl
@@ -1,9 +1,9 @@
-server_host = bottin.service.2.cluster.deuxfleurs.fr
+server_host = bottin2.service.2.cluster.deuxfleurs.fr
server_port = 389
search_base = dc=deuxfleurs,dc=fr
query_filter = (&(objectClass=inetOrgPerson)(memberOf=cn=%s,ou=mailing_lists,ou=groups,dc=deuxfleurs,dc=fr))
result_attribute = mail
bind = yes
-bind_dn = cn=<someone>,dc=deuxfleurs,dc=fr
-bind_pw = <password>
+bind_dn = {{ key "secrets/email/postfix/ldap_binddn" | trimSpace }}
+bind_pw = {{ key "secrets/email/postfix/ldap_bindpwd" | trimSpace }}
version = 3
diff --git a/consul/configuration/email/sogo/sogo.conf.tpl b/consul/configuration/email/sogo/sogo.conf.tpl
index bb13a83..0b87db7 100644
--- a/consul/configuration/email/sogo/sogo.conf.tpl
+++ b/consul/configuration/email/sogo/sogo.conf.tpl
@@ -60,7 +60,7 @@
bindFields = (cn, mail);
canAuthenticate = YES;
displayName = "Bottin";
- hostname = "ldap://bottin.service.2.cluster.deuxfleurs.fr:389";
+ hostname = "ldap://bottin2.service.2.cluster.deuxfleurs.fr:389";
id = bottin;
isAddressBook = NO;
}