Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/246242
Change subject: ldap.conf: Remove openldap unused parameters
......................................................................
ldap.conf: Remove openldap unused parameters
OpenLDAP does not honor BINDDN in ldap.conf. It will only honor it in
.ldaprc files and we don't populate these right now. BINDPW is not
honored at all by OpenLDAP. Also have ERB trim it's trailing whiteline
Change-Id: I3ab361609e3d603aecc5a1853d41ddd04cace3b2
---
M modules/ldap/templates/open_ldap.erb
1 file changed, 1 insertion(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/42/246242/1
diff --git a/modules/ldap/templates/open_ldap.erb
b/modules/ldap/templates/open_ldap.erb
index 3f21155..25b2d5e 100644
--- a/modules/ldap/templates/open_ldap.erb
+++ b/modules/ldap/templates/open_ldap.erb
@@ -1,12 +1,10 @@
BASE <%= @ldapconfig["basedn"] %>
URI <% @ldapconfig["servernames"].each do |servername|
-%>ldap://<%= servername %>:389 <% end -%>
-BINDDN cn=proxyagent,ou=profile,<%= @ldapconfig["basedn"] %>
-BINDPW <%= @ldapconfig["proxypass"] %>
SSL start_tls
TLS_CHECKPEER yes
TLS_REQCERT demand
TLS_CACERTDIR /etc/ssl/certs
TLS_CACERTFILE /etc/ssl/certs/<%= @ldapconfig["ca"] %>
TLS_CACERT /etc/ssl/certs/<%= @ldapconfig["ca"] %>
-<% if @ldapincludes.include?('sudo') then %>SUDOERS_BASE <%=
@ldapconfig["sudobasedn"] %><% end %>
+<% if @ldapincludes.include?('sudo') then %>SUDOERS_BASE <%=
@ldapconfig["sudobasedn"] %><% end -%>
--
To view, visit https://gerrit.wikimedia.org/r/246242
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3ab361609e3d603aecc5a1853d41ddd04cace3b2
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
