2 # Cookbook Name:: openldap-grid
5 # Copyright 2013-2016, whitestar
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
# Certificate-cookbook integration switch; off by default.
# NOTE(review): while this stays false and node['openldap']['client']['TLS_CACERT']
# stays nil, these defaults name no CA file for LDAP clients. Confirm where the
# trust anchor comes from before relying on server-certificate verification.
20 default['openldap']['with_ssl_cert_cookbook'] = false
21 # If node['openldap']['with_ssl_cert_cookbook'] is true,
22 # node['openldap']['client']['TLS_CACERT'] and node['openldap']['nss-ldapd']['tls_cacertfile']
23 # are overridden by the following 'ca_name' attribute.
24 default['openldap']['ssl_cert']['ca_name'] = nil
# The certificate common name defaults to this node's FQDN.
# NOTE(review): clients that verify the server certificate presumably have to
# connect by a name matching this value; confirm node['fqdn'] is set and is the
# name clients actually use.
25 default['openldap']['ssl_cert']['common_name'] = node['fqdn']
# Client-side ldap.conf keys. Each one defaults to nil; the trailing comment on
# a line is a sample value, not the value in effect.
# NOTE(review): presumably nil keys are left out of the rendered ldap.conf --
# confirm in the template.
#
# The sample URIs use the ldap:// scheme, which is cleartext unless StartTLS is
# negotiated; ldaps:// gives TLS from the start of the connection.
27 default['openldap']['client']['URI'] = nil # ldap://ldap.example.com ldap://ldap-master.example.com:666
28 default['openldap']['client']['BASE'] = nil # dc=example,dc=com
29 default['openldap']['client']['SIZELIMIT'] = nil # 12
30 default['openldap']['client']['TIMELIMIT'] = nil # 15
31 default['openldap']['client']['DEREF'] = nil # never
32 default['openldap']['client']['TLS_CACERT'] = nil # /etc/ssl/certs/cacert.pem
# TLS_REQCERT: '*' marks the ldap.conf default. 'demand' requires a valid server
# certificate. 'never' neither requests nor checks one, 'allow' proceeds even
# with a bad certificate, and 'try' proceeds when none is presented -- so any
# value below 'demand' leaves the client unable to detect an impersonated server.
33 default['openldap']['client']['TLS_REQCERT'] = nil # never|allow|try|demand*
# NOTE(review): TLS_CHECKPEER looks like the nss_ldap/pam_ldap spelling rather
# than an OpenLDAP ldap.conf(5) keyword -- confirm which consumer reads it.
# 'no' would turn peer certificate checking off.
34 default['openldap']['client']['TLS_CHECKPEER'] = nil # yes*|no
35 default['openldap']['client']['SASL_MECH'] = nil # GSSAPI
# CA certificate directory, chosen per platform family.
# NOTE(review): only the 'rhel' entry of this lookup is visible in this listing;
# original lines 37 and 39 (any other entries and the closing parenthesis) are
# not shown here.
36 default['openldap']['client']['TLS_CACERTDIR'] = node.value_for_platform_family(
38 'rhel' => '/etc/openldap/certs'
# Pattern for setting any further ldap.conf key.
40 #default['openldap']['client']['<ldap.conf keys>'] = ...
# nslcd.conf (nss-ldapd) defaults. Both values are placeholders: a loopback
# ldap:// URI and an example search base. Override them for a real deployment.
# NOTE(review): cleartext ldap:// stays on the local host only while 'uri' points
# at 127.0.0.1. For a remote directory, also set the nslcd.conf 'ssl' and
# 'tls_reqcert' keys together with 'tls_cacertfile' -- presumably through the
# pass-through pattern below; confirm the template renders arbitrary keys.
42 default['openldap']['nss-ldapd']['uri'] = 'ldap://127.0.0.1/'
43 default['openldap']['nss-ldapd']['base'] = 'dc=example,dc=net'
# Pattern for setting any further nslcd.conf key.
44 #default['openldap']['nss-ldapd']['<nslcd.conf keys>'] = ...
# Name services to look up through LDAP; the empty default selects none.
# NOTE(review): presumably drives nsswitch.conf -- confirm in the recipe. Listing
# 'passwd' or 'group' makes the directory an authority for account and group
# identity on this host, so the LDAP transport should be verified TLS first.
45 default['openldap']['ldap_lookup_nameservices'] = [] # e.g. ['passwd', 'group']
46 #default['openldap'][''] =
# Server-side LDAPS switch; off by default.
# NOTE(review): presumably controls whether slapd listens on ldaps:// -- confirm
# in the server recipe. With this false, transport protection for remote clients
# would depend on StartTLS being configured elsewhere.
48 default['openldap']['server']['ldaps'] = false
# Kerberos keytab path for the server; nil leaves it unset.
# NOTE(review): presumably exported to slapd as KRB5_KTNAME for GSSAPI binds --
# confirm in the recipe. A keytab holds long-term service keys, so it should be
# readable only by the account slapd runs as; a dedicated keytab for the LDAP
# service principal exposes less than sharing the host keytab.
49 default['openldap']['server']['KRB5_KTNAME'] = nil # e.g. '/etc/krb5.keytab'