cookbooks/openldap-grid/attributes/default.rb

   1 #
   2 # Cookbook Name:: openldap-grid
   3 # Attributes:: default
   4 #
   5 # Copyright 2013-2016, whitestar
   6 #
   7 # Licensed under the Apache License, Version 2.0 (the "License");
   8 # you may not use this file except in compliance with the License.
   9 # You may obtain a copy of the License at
  10 #
  11 #     http://www.apache.org/licenses/LICENSE-2.0
  12 #
  13 # Unless required by applicable law or agreed to in writing, software
  14 # distributed under the License is distributed on an "AS IS" BASIS,
  15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 # See the License for the specific language governing permissions and
  17 # limitations under the License.
  18 #
  19
  20 default['openldap']['with_ssl_cert_cookbook'] = false
  21 # If node['openldap']['with_ssl_cert_cookbook'] is true,
  22 # node['openldap']['client']['TLS_CACERT'] and ['openldap']['nss-ldapd']['tls_cacertfile']
  23 # are overridden by the following 'ca_name' attributes.
  24 default['openldap']['ssl_cert']['ca_name'] = nil
  25 default['openldap']['ssl_cert']['common_name'] = node['fqdn']
  26
  27 default['openldap']['client']['URI'] = nil   # ldap://ldap.example.com ldap://ldap-master.example.com:666
  28 default['openldap']['client']['BASE'] = nil  # dc=example,dc=com
  29 default['openldap']['client']['SIZELIMIT'] = nil  # 12
  30 default['openldap']['client']['TIMELIMIT'] = nil  # 15
  31 default['openldap']['client']['DEREF'] = nil      # never
  32 default['openldap']['client']['TLS_CACERT'] = nil    # /etc/ssl/certs/cacert.pem
  33 default['openldap']['client']['TLS_REQCERT'] = nil   # never|allow|try|demand*
  34 default['openldap']['client']['TLS_CHECKPEER'] = nil # yes*|no
  35 default['openldap']['client']['SASL_MECH'] = nil     # GSSAPI
  36 default['openldap']['client']['TLS_CACERTDIR'] = node.value_for_platform_family(
  37   'debian' => nil,
  38   'rhel'   => '/etc/openldap/certs'
  39 )
  40 #default['openldap']['client']['<ldap.conf keys>'] = ...
  41
  42 default['openldap']['nss-ldapd']['uri'] = 'ldap://127.0.0.1/'
  43 default['openldap']['nss-ldapd']['base'] = 'dc=example,dc=net'
  44 #default['openldap']['nss-ldapd']['<nslcd.conf keys>'] = ...
  45 default['openldap']['ldap_lookup_nameservices'] = []  # e.g. ['passwd', 'group']
  46 #default['openldap'][''] =
  47
  48 default['openldap']['server']['ldaps'] = false
  49 default['openldap']['server']['KRB5_KTNAME'] = nil  # e.g. '/etc/krb5.keytab'