From ca95035f72e339dead9f41b2488fe119ce88e199 Mon Sep 17 00:00:00 2001
From: yalh76
Date: Sun, 14 Jul 2019 12:26:59 +0200
Subject: [PATCH 1/4] Adding openldap TLS support
---
 data/templates/slapd/slapd.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/templates/slapd/slapd.conf b/data/templates/slapd/slapd.conf
index 57233e386..3046d9c7f 100644
--- a/data/templates/slapd/slapd.conf
+++ b/data/templates/slapd/slapd.conf
@@ -41,6 +41,10 @@ sizelimit 500
 # for indexing.
 tool-threads 1
 
+# TLS Support
+TLSCertificateFile /etc/ssl/private/yunohost_crt.pem
+TLSCertificateKeyFile /etc/ssl/private/yunohost_key.pem
+
 #######################################################################
 # Specific Backend Directives for mdb:
 # Backend specific directives apply to this backend until another

From 577d8f477fb219517c2195259fc8878d1d45138c Mon Sep 17 00:00:00 2001
From: yalh76
Date: Sun, 14 Jul 2019 14:25:09 +0200
Subject: [PATCH 2/4] Add openldap user in the ssl-cert grou
---
 data/hooks/conf_regen/06-slapd | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index fdb7a36d1..852a7e9a0 100755
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@@ -31,6 +31,9 @@ do_init_regen() {
 do_pre_regen() {
 pending_dir=$1
 
+ # Add openldap user in the ssl-cert group to let it access the ceriticate for TLS
+ sudo usermod -aG ssl-cert openldap
+
 cd /usr/share/yunohost/templates/slapd
 
 # create needed directories

From bae6fe86f3c554b37a785e345b5fa52801f5cdf1 Mon Sep 17 00:00:00 2001
From: yalh76
Date: Thu, 1 Aug 2019 22:28:55 +0200
Subject: [PATCH 3/4] spelling
---
 data/hooks/conf_regen/06-slapd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index 852a7e9a0..f2ae52373 100755
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
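Review bot: In the slapd.conf hunk of patch 1/4, the added `TLSCertificateFile`/`TLSCertificateKeyFile` pair turns TLS on but sets no protocol floor, so the negotiated version is whatever the TLS library slapd is linked against allows by default; adding `TLSProtocolMin 3.3` (TLS 1.2) after the key line would pin it. Nothing in this hunk requires clients to use TLS either, so binds over an unencrypted connection stay possible wherever the plain listener is reachable; if that is not intended, slapd's `security` directive is the usual control, though its effect on local clients cannot be judged from here. The key path sits under /etc/ssl/private, so a short comment beside `# TLS Support` stating that the slapd user needs read access to that file would document the dependency this template now carries.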
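Review bot: In the 06-slapd hunk of patch 2/4, `sudo usermod -aG ssl-cert openldap` grants the slapd account the whole ssl-cert group rather than access to the one key it needs, so a compromised slapd could presumably read every private key that group can read under /etc/ssl/private, not only yunohost_key.pem. If that breadth is not intended, a narrower grant on the single key file (ownership or an ACL) would follow least privilege; at minimum the comment could record the trade-off, e.g. `# NOTE: ssl-cert membership lets slapd read every ssl-cert-readable key`. The same line is re-added in do_post_regen by patch 4/4, so the point applies there as well. The body of do_pre_regen continues outside the hunk.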
@@ -31,7 +31,7 @@ do_init_regen() {
 do_pre_regen() {
 pending_dir=$1
 
- # Add openldap user in the ssl-cert group to let it access the ceriticate for TLS
+ # Add openldap user in the ssl-cert group to let it access the certificate for TLS
 sudo usermod -aG ssl-cert openldap
 
 cd /usr/share/yunohost/templates/slapd

From 10f16510227e2bb263a0541a3e62b37d1e229d7d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sat, 3 Aug 2019 21:00:44 +0200
Subject: [PATCH 4/4] Moving to the post-regen part because the pre-regen part should touch as little as possible of the actual system config
---
 data/hooks/conf_regen/06-slapd | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index f2ae52373..90854b757 100755
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@@ -31,9 +31,6 @@ do_init_regen() {
 do_pre_regen() {
 pending_dir=$1
 
- # Add openldap user in the ssl-cert group to let it access the certificate for TLS
- sudo usermod -aG ssl-cert openldap
-
 cd /usr/share/yunohost/templates/slapd
 
 # create needed directories
@@ -79,6 +76,9 @@ do_post_regen() {
 sudo chown -R openldap:openldap /etc/ldap/schema/
 sudo chown -R openldap:openldap /etc/ldap/slapd.d/
 
+ # Add openldap user in the ssl-cert group to let it access the certificate for TLS
+ sudo usermod -aG ssl-cert openldap
+
 [ -z "$regen_conf_files" ] && exit 0
 
 # check the slapd config file at first
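Review bot: The `usermod` call added to do_post_regen in patch 4/4 has its exit status ignored, and it sits above the `[ -z "$regen_conf_files" ] && exit 0` guard, so it runs on every regen; if the ssl-cert group is missing or the call fails, slapd is left pointing at a key it cannot read and may fail to bring up TLS with no hint in the hook output. Checking the result, e.g. `sudo usermod -aG ssl-cert openldap || echo "could not add openldap to ssl-cert" >&2`, would surface that. Group membership is also only picked up by a slapd process started afterwards, so this relies on a restart later in do_post_regen, which lies outside the hunk and should be confirmed.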