qzwi: add LDAP
parent
0e6fbd3e78
commit
471f8e8771
12 changed files with 412 additions and 1 deletions
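--- a/bundles/openldap/files/etc-default-slapd
+++ b/bundles/openldap/files/etc-default-slapd
@@ -0,0 +1,45 @@
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=/etc/ldap/slapd.conf
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_SERVICES="ldap:/// ldapi:/// ldaps://0.0.0.0:636/"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work). Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work). Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab). To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""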
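--- a/bundles/openldap/files/openssh-lpk_openldap.schema
+++ b/bundles/openldap/files/openssh-lpk_openldap.schema
@@ -0,0 +1,9 @@
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+DESC 'MANDATORY: OpenSSH Public key'
+EQUALITY octetStringMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+DESC 'MANDATORY: OpenSSH LPK objectclass'
+MAY ( sshPublicKey $ uid )
+)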
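--- a/bundles/openldap/files/slapd.conf
+++ b/bundles/openldap/files/slapd.conf
@@ -0,0 +1,88 @@
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/nis.schema
+include /etc/ldap/schema/inetorgperson.schema
+% for schema in sorted(conf.get('schemas', set())):
+include /etc/ldap/schema/${schema}.schema
+% endfor
+include /etc/ldap/schema/ppolicy.schema
+
+pidfile /var/run/slapd/slapd.pid
+argsfile /var/run/slapd/slapd.args
+
+# OpenLDAP logs can get rather spammy, so we enable logging only
+# on demand for debug purposes to keep the syslog nice and tidy.
+loglevel ${conf.get('loglevel', 0)}
+
+sizelimit unlimited
+
+disallow bind_anon
+
+modulepath /usr/lib/ldap
+moduleload back_mdb.so
+moduleload back_monitor.so
+moduleload back_ldap.so
+moduleload memberof.so
+moduleload syncprov.so
+moduleload ppolicy.so
+moduleload pw-sha2.so
+
+TLSCACertificateFile /etc/ldap/ssl/${conf['ssl']}.crt_intermediate.pem
+TLSCertificateFile /etc/ldap/ssl/${conf['ssl']}.crt.pem
+TLSCertificateKeyFile /etc/ldap/ssl/${conf['ssl']}.key.pem
+#TLSVerifyClient never
+#TLSCRLCheck none
+#security tls=1
+
+backend mdb
+database mdb
+suffix "dc=qzwi,dc=de"
+checkpoint 32 30
+rootdn "uid=root,dc=qzwi,dc=de"
+rootpw ${conf['rootpw']}
+directory /var/lib/ldap
+# mdb has a limit:
+maxsize 1000000000
+
+monitoring on
+
+index cn pres,eq
+index dc pres,eq
+index member pres,eq
+index memberOf pres,eq
+index memberUid eq
+index objectClass eq
+index uid pres,eq
+
+overlay memberof
+memberof-group-oc groupOfNames
+memberof-member-ad member
+memberof-memberof-ad memberOf
+memberof-refint TRUE
+
+overlay ppolicy
+
+#access to dn.one="ou=QZWI,dc=qzwi,dc=de"
+# attrs=userPassword
+# by anonymous auth
+# by * break
+
+#access to * by group="ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de" manage by * break
+
+% for tree, matches in sorted(conf.get('access', {}).items()):
+# ${tree}
+% for access, user in sorted(matches.items()):
+access to dn.sub="${tree}" by dn.exact="${user}" ${access} by * break
+% endfor
+# / ${tree}
+
+% endfor
+
+# Grant read access to all applications
+#access to dn.children="ou=Applications,dc=qzwi,dc=de" attrs=userPassword by anonymous auth by * break
+#access to dn.sub="ou=People,dc=qzwi,dc=de" by dn.children="ou=Applications,dc=qzwi,dc=de" read by * break
+#access to dn.sub="ou=Groups,dc=qzwi,dc=de" by dn.children="ou=Applications,dc=qzwi,dc=de" read by * break
+
+database monitor
+rootDN "cn=admin,cn=Monitor"
+rootPW admin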
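Review bot: `rootPW admin` on the last line gives the `cn=Monitor` backend a hard-coded, cleartext, committed password, while the mdb `rootpw` further up is correctly sourced from the vault via `${conf['rootpw']}`. The monitor database exposes connection and operational data, so treat its credential like the main one: take it from the same `conf` context (a new vault-backed key, e.g. `rootPW ${conf['monitor_rootpw']}` — name constructed — added next to `rootpw` in metadata.py), or drop the `rootDN`/`rootPW` pair and grant monitor access with an `access to dn.subtree="cn=Monitor"` rule instead. Both `rootpw` values would also be safer as slappasswd hashes (`{SSHA}…`), which slapd accepts for `rootpw`, so the rendered file does not hold a recoverable secret even where it is readable. The commented-out `#access` blocks reference `ou=People`, but the LDIF in this commit creates `ou=Users`; either update or remove them so the dead ACLs do not mislead the next reader.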
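--- a/bundles/openldap/files/slapdump
+++ b/bundles/openldap/files/slapdump
@@ -0,0 +1,13 @@
+#!/bin/bash
+# ^^^^ Needed for fancy co-processes.
+
+db=$1
+
+[[ -z "$db" ]] && { echo "Usage: $0 <db>" >&2; exit 1; }
+
+slapcat -b "$db" -f /etc/ldap/slapd.conf \
+1> >(gzip >/var/tmp/ldapdumps/"$db".gz) \
+2> >(grep -v \
+-e "no DB_CONFIG file found in directory" \
+-e "Expect poor performance" \
+>&2)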
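Review bot: The dump is streamed straight into `/var/tmp/ldapdumps/"$db".gz`, so a failing `slapcat` (or a killed gzip co-process) truncates the previous good dump in place, and the script returns slapcat's status while gzip may still be writing. Since this file feeds the backup hook registered in items.py and the dump contains the directory's password hashes, write to a temporary name and rename only on success; replacing the stdout process substitution with a plain pipe lets `PIPESTATUS` carry slapcat's exit code and guarantees gzip has finished before the `mv`. The stderr filter can stay as a process substitution.
```shell
db=$1
# … unchanged: usage check …
out=/var/tmp/ldapdumps/"$db".gz
slapcat -b "$db" -f /etc/ldap/slapd.conf \
    2> >(grep -v \
        -e "no DB_CONFIG file found in directory" \
        -e "Expect poor performance" \
        >&2) \
    | gzip >"$out.tmp"
rc=${PIPESTATUS[0]}
if [[ $rc -ne 0 ]]; then
    # keep the last good dump; discard the partial one
    rm -f "$out.tmp"
    exit "$rc"
fi
mv "$out.tmp" "$out"
```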
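--- a/bundles/openldap/items.py
+++ b/bundles/openldap/items.py
@@ -0,0 +1,115 @@
+from re import sub
+
+svc_systemd = {
+'slapd': {
+'needs': {
+'file:/etc/ldap/slapd.conf',
+'file:/etc/ldap/ssl/{}.crt.pem'.format(node.metadata.get('openldap/ssl')),
+'file:/etc/ldap/ssl/{}.crt_intermediate.pem'.format(node.metadata.get('openldap/ssl')),
+'file:/etc/ldap/ssl/{}.key.pem'.format(node.metadata.get('openldap/ssl')),
+'pkg_apt:slapd',
+},
+},
+}
+
+directories = {
+'/etc/ldap/ssl': {
+'purge': True,
+},
+}
+
+files = {
+'/etc/default/slapd': {
+'source': 'etc-default-slapd',
+'triggers': {
+'svc_systemd:slapd:restart',
+},
+},
+'/etc/ldap/slapd.d': {
+'delete': True,
+'needs': {
+'pkg_apt:slapd',
+},
+},
+'/etc/ldap/slapd.conf': {
+'content_type': 'mako',
+'context': {
+'conf': node.metadata.get('openldap'),
+},
+'needs': {
+'pkg_apt:slapd',
+},
+'triggers': {
+'svc_systemd:slapd:restart',
+},
+},
+'/etc/ldap/ssl/{}.crt.pem'.format(node.metadata.get('openldap/ssl')): {
+'owner': 'openldap',
+'mode': '0440',
+# Those files can exist independently, but the private
+# key might come from a Fault and we must make sure to
+# put matching private and public keys on the system.
+'needs': {
+'file:/etc/ldap/ssl/{}.crt_intermediate.pem'.format(node.metadata.get('openldap/ssl')),
+'file:/etc/ldap/ssl/{}.key.pem'.format(node.metadata.get('openldap/ssl')),
+},
+'triggers': {
+'svc_systemd:slapd:restart',
+},
+'source': 'ssl/{}.crt.pem'.format(node.metadata.get('openldap/ssl')),
+},
+'/etc/ldap/ssl/{}.key.pem'.format(node.metadata.get('openldap/ssl')): {
+'owner': 'openldap',
+'mode': '0440',
+'content': repo.vault.decrypt_file('ssl/{}.key.pem.vault'.format(node.metadata.get('openldap/ssl'))),
+'needs': {
+'pkg_apt:slapd',
+},
+},
+'/etc/ldap/ssl/{}.crt_intermediate.pem'.format(node.metadata.get('openldap/ssl')): {
+'owner': 'openldap',
+'mode': '0440',
+# Those files can exist independently, but the private
+# key might come from a Fault and we must make sure to
+# put matching private and public keys on the system.
+'needs': {
+'file:/etc/ldap/ssl/{}.key.pem'.format(node.metadata.get('openldap/ssl')),
+},
+'source': 'ssl/{}.crt_intermediate.pem'.format(node.metadata.get('openldap/ssl')),
+},
+'/usr/local/sbin/slapdump': {
+'mode': '0755',
+},
+}
+
+for schema in node.metadata.get('openldap/schemas', {}):
+files['/etc/ldap/schema/{}.schema'.format(schema)] = {
+'source': '{}.schema'.format(schema),
+'triggers': {
+'svc_systemd:slapd:restart',
+},
+}
+
+directories = {
+'/var/tmp/ldapdumps': {
+'mode': '0700',
+},
+}
+
+users = {
+'openldap': {
+'needs': {
+'pkg_apt:slapd',
+},
+'triggers': {
+'svc_systemd:slapd:restart',
+},
+},
+}
+
+for database in node.metadata.get('openldap/backup', set()):
+cleaned = sub('[^a-zA-Z0-9]', '_', database)
+files[f'/etc/backup-pre-hooks.d/50-ldapdump-{cleaned}'] = {
+'content': f'#!/bin/sh\n/usr/local/sbin/slapdump {database}\n',
+'mode': '0755',
+}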
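Review bot: `directories` is assigned twice — first with `/etc/ldap/ssl` (carrying `'purge': True`) and again after the schema loop with `/var/tmp/ldapdumps` — and the second assignment replaces the first, so the `/etc/ldap/ssl` item and its purge of stray certificate files are silently dropped; change the second to `directories['/var/tmp/ldapdumps'] = {'mode': '0700'}` or merge both entries into the one dict. The `/etc/ldap/slapd.conf` item sets neither `owner` nor `mode`, yet the rendered file carries the mdb `rootpw` and the monitor `rootPW`; with bundlewrap's default file mode (0644, if I recall correctly) it is world-readable, so add something like `'owner': 'root', 'group': 'openldap', 'mode': '0640'` — confirming on the target which user the Debian slapd unit reads the config as. Unlike the `.crt.pem` item, neither the `.key.pem` nor the `.crt_intermediate.pem` item has a `triggers` entry, so a rotated key or chain alone will not restart slapd; that is fine only if the certificate always changes with them, which is worth stating in the comment those items share.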
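--- a/bundles/openldap/metadata.py
+++ b/bundles/openldap/metadata.py
@@ -0,0 +1,71 @@
+from bundlewrap.metadata import atomic
+
+
+defaults = {
+'apt': {
+'packages': {
+'db-util': {},
+'ldap-utils': {},
+'slapd': {},
+'slapd-contrib': {},
+},
+},
+'backups': {
+'paths': {
+# Create backups both from ZFS and from dumps. Because
+# they're cheap.
+'/var/lib/ldap',
+'/var/tmp/ldapdumps',
+},
+},
+'cron': {
+},
+'icinga2_api': {
+'openldap': {
+'services': {
+'OPENLDAP PROCESS': {
+'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',
+},
+},
+},
+},
+'openldap': {
+'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),
+},
+}
+
+
+@metadata_reactor.provides(
+'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',
+)
+def cert_check(metadata):
+return {
+'icinga2_api': {
+'openldap': {
+'services': {
+'OPENLDAP CERTIFICATE': {
+'check_command': 'check_certificate_at',
+'vars.domain': metadata.get('openldap/my_hostname'),
+'vars.port': '636',
+},
+},
+},
+},
+}
+
+
+@metadata_reactor.provides(
+'firewall/port_rules/389',
+'firewall/port_rules/636',
+)
+def sperrfix(metadata):
+sources = metadata.get('openldap/restrict-to', set())
+
+return {
+'firewall': {
+'port_rules': {
+'389': atomic(sources),
+'636': atomic(sources),
+},
+},
+}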
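Review bot: `sperrfix` publishes `atomic(sources)` for ports 389 and 636 even when `openldap/restrict-to` is unset, in which case `sources` is an empty set; whether the firewall bundle treats an empty atomic rule as "closed" or as "no restriction" is not visible here, and it decides whether an unconfigured node exposes both ports. Please state the intended semantics in a docstring — e.g. `"""Open 389/636 only to the hosts in openldap/restrict-to; an empty set means closed."""` — and confirm it against the firewall bundle, since the name `sperrfix` does not say what the reactor does. `cert_check` deserves a one-line docstring as well, and its `'vars.port': '636'` must stay in sync with the `ldaps://…:636/` endpoint in etc-default-slapd. The empty `'cron': {}` default looks like a leftover; remove it if nothing consumes it.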
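--- a/data/openldap/files/ssl
+++ b/data/openldap/files/ssl
@@ -0,0 +1 @@
+../../ssl/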
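--- a/data/openldap/qzwi-ldap-initial-schema.ldif
+++ b/data/openldap/qzwi-ldap-initial-schema.ldif
@@ -0,0 +1,25 @@
+dn: dc=qzwi,dc=de
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: qzwi
+o: qzwi
+description: ldap.qzwi.de
+
+dn: ou=Users,dc=qzwi,dc=de
+ou: Users
+objectClass: top
+objectClass: organizationalUnit
+description: Queeres Zentrum Wiesbaden Users
+
+dn: ou=Groups,dc=qzwi,dc=de
+ou: Groups
+objectClass: top
+objectClass: organizationalUnit
+description: Queeres Zentrum Wiesbaden Group
+
+dn: ou=Applications,dc=qzwi,dc=de
+ou: Applications
+objectClass: top
+objectClass: organizationalUnit
+description: Queeres Zentrum Wiesbaden Applications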
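--- a/data/ssl/_.qzwi.de.crt.pem
+++ b/data/ssl/_.qzwi.de.crt.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBTCCAu2gAwIBAgIUDUYK1myfKP53GcsSCKd/F8bk3c8wDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHcXp3aS5kZTAeFw0yMTEyMTcwOTE1MjBaFw0zMTEyMTUw
+OTE1MjBaMBIxEDAOBgNVBAMMB3F6d2kuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDU1Ga9S7NRX18I8bf33tdS9EgUYO+9ImkPI/28zb06syhbnYS4
+9mL1nxtpiKQbP0jetJMHz4FbGfSGWNdgQo85XemMP/fAHIps+5U1hMGL6Eqcitsd
+qh3L13OmuiMdMLp82f92LZ788NEvds3LYpCptc495KNVJh5BH3kh7LBFI54UNQfE
+TiXhuQPJE27Sod4By0z9+GVeoifwlUiGssBf6DYZ74nUMMq31xRKtVwglJQHSSut
+mAa5Q29Rb5pl8UqxtCXqQZD5xvJOKnEITbYukWfAKSKntJAT2KYl3jFGy0E7YGw5
+yIZEFcR5GEqWE/GdD+8ZXicmg47QpZ2uN85OQEQifKxjkHHe6dgQknMMahXfvh9R
+3zivKXd87Q3Xzz5UmTsIkGt7Sg9AIqrcwYCEUht6U8KpUGYdaVKm9Jlo+CVRqiJG
+IsvUAvzw7q4L/mqn8STQ01gXYBDlITvD4zJGvBRKYt+wodeWgU8XaSh9/A5q3F0q
+T/nenSVUdSuxq/CNxlGWKy+p9HmPOiuy4waVustfGa5o+V8XTwDeWAf3uDJZkLhU
+VFcvk4C7Ad1FY1mAQNs/9vYgsr2uOnGEJBWpyzv1J2f//nCgJmdB4qPsEsMKyegb
+eDPgkLO2ezyFYHMqlynSQzPoix6AP45hx7HTiaiONCjUg82VQnOxZEgfgwIDAQAB
+o1MwUTAdBgNVHQ4EFgQUaFaFeP6v5U+vvfyB55EQ8xKXeYIwHwYDVR0jBBgwFoAU
+aFaFeP6v5U+vvfyB55EQ8xKXeYIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAgEAwd2Dp0vvYygJ965cv4hUQiDZuwkIWq//l5gWIPnNyJdxxtR1mgls
+68MbtHqMuhrOKqDlkWurpvvZQa3o01NggJKQCG/01DcEqw1/+4yfnfWFfOHW+gW7
+VCvA1XNUndiusTyJkL4o2bIkAvMsEgJgrPNRHZeLGQ69/4FMXwGHvaO0zJgV1un7
+6W4Feupbm3lHV42QHpfhUhnwSkqg2JCNUodujwlH3fPKlAu4SKo4Pu/G+lh8+G5K
+eblHotq+feaxQ7bpFBpDilGI8bbCfzlOcHcXf3Com0IaomSRhN9X7ZSFOdCp87fm
+ygf7xSRHl08zL430WM96vYGQilRxNeA1oQvFeBa2icS1bBnXTZgnZCYQeunF4tT9
+A0hXYUyznxLk2V35ttKZWShDuLKJWbHrwJTPRi3GraRYwPg2jVxscbTbPXj5uIfR
+x/OKUSRGaKdM8t7WU6nWJJKycss7h/WtCUfulObfhXVaLGnc3njiqZkFL1jdq4VS
+5jia+Gh2uQV80ornJ1g96I9L/ZorpDtqh9AbWbjSWCkEtzIq7KDoHlJthl+lnirg
+h15k/53en7d8Uy55fZ9QPeItqA+Pzd4CG+TFbpqN4qEWg+vLJHNiNANwrC954KLG
+hBbLk4DwydxTZgiaCMACd8igZDH+yc/ZxP8OJF2VoLngNcC6XD6JMoQ=
+-----END CERTIFICATE-----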
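Review bot: Reading the DER behind this base64 suggests the certificate is self-signed (subject and issuer both `CN=qzwi.de`, the authority key identifier equals the subject key identifier, basicConstraints CA:TRUE) and carries only those three extensions — no subjectAltName — yet slapd.conf uses it as `TLSCertificateFile` for a server that metadata.py names `ldap.qzwi.de`; modern TLS clients require a SAN and ignore the CN, and even CN matching would fail for `ldap.qzwi.de`, so the `check_certificate_at` service on 636 and any ldaps client will likely refuse it. The companion `_.qzwi.de.crt_intermediate.pem` is committed empty while being referenced as `TLSCACertificateFile`, which is consistent with a self-signed setup but should be said somewhere. If this is intentional (a private CA that clients pin), a short note in `data/ssl` stating so would spare the next reader this derivation; otherwise issue a leaf certificate for `ldap.qzwi.de` with a SAN and put the issuing chain into the intermediate file. This decoding was done by eye, so please verify it with `openssl x509 -noout -text` before acting on it.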
0
data/ssl/_.qzwi.de.crt_intermediate.pem
Normal file
0
data/ssl/_.qzwi.de.crt_intermediate.pem
Normal file
1
data/ssl/_.qzwi.de.key.pem.vault
Normal file
1
data/ssl/_.qzwi.de.key.pem.vault
Normal file
|
@ -0,0 +1 @@
|
||||||
|
encrypt$gAAAAABhvFVeFPxAVqNPmpQmoxOWjAsV8a23BvNeZTCRcp_M1kbQXqTNM_7aK2gUaxdxDNceqZTz2hhHoO9T0xuf-M4SjRdgK5vm5nnw7vor7VR5qlEcT1lJOWzp393vK1mHR-ogMhPMQ6b6iMty4G-Yfn0WW-6hySQ2jhJ85ViQIgh0v5tmXHjRFinuWUJYaYefJOAtp9EHygf1ouPFNcxt3NpX9mdYZ77sUqf0wD72etu9j2tYBfJ3ypYxVIZZdm4oXGdj8RZqWJpjRRvCbY0L68UtAHXLBvzyyIEhJxuNTpb19bGhdG8pzZvX3XkLwR8VQxhEMC3CzkpYCnwRjM9SFXgnMkWO_PmlmpqApaPmlMgnXbvSYScXh7YZp-er-c3qZyM20T1ycvRAx0LCduE_wrUPnQfXg287r2qbTu1WOXnwQS90n5dCM1Tj5DIXL7O1F3XDokvAUgIEh-XWlCOsm7e0XJroWDdL5tWj0qfusIZJDfgb1YpX_HyIJT-wVYWhKgnJwYTTlC99DKjkZAuhZ2ZvDzjnsPw_7U0lvrh0A17VwtU7GmYkJVi_Oy--nh-2h0cEgIsRRD5FJ82k-U2tPeV-dnmoKrBBj6X7rBFDsqhjr2guGG6PJmdQQ1BkQClF8CUdY8mzanr6ibUdCNYqBMMTj0Q_xGXR7C-KFBKD1SQd_pzlcxAvVv-G2PMxFQEwCWvxsrv5abJtU6IMMLZbEn4CwbNOXJIc5AxnLcW-f3gV6bzm7VjIYKoCFetbkrUanTW0wa0PnXl9-pLCTR59WmxhXmCHmmsMf1Afsy9oE9YbqXNlLovjhGNh1ITfiNZdT8Xx4neMFiESMded5kPoP9vpcKtZtwAS7Kw6sz3JJSMMxnqXEqO5Y6IxjRMLEXsan-D8LZnkZwTWZ-TZLkgg2n70m9xtSZwGBdHscZWBcWKVlSQR6Thf9vHhScUhH7VqsE8t_U8mU522Y94UzzuSiperbf1HzQ_GO1Mr9zPSqkTyVClKvAGU9vcA5oU8ebmEkFb8d7vTuZjY2fKiC41xt9ZpeDngEsM6w4uUuSt44ePBloH1HMuG4tbF_B490p7G2C2XSpKP0ilWKUNTyX4yOQ8ISgBSr2MpkfW_oY4DRaqA1yCWCykdNso7U_yJp9n9F6_8Orj2nhoc6Hlqq1CdWvXd4LTwVYk77aBuXoLnkw3ytAD0V-rOEUJDgXmaPVBclX-OkL8Ht6ojzxv-N-EVNY3jeMk4NVDn053aFUQaEP-2bpm7d1o8_WyxznIQiopcyatABEZin15mzyrUwltDWUzyj2gn_WkafiYE8mbVx1O3pde6sMcu2wjTE9qtKSEjj1Y0_Szx-iwJdGbhDs6kIIbZH17w0oxf1hxRHQcG5dhsC1cyZX12VbWBumjkuoI1N5wBfr0zqvCCBmw4REOI6VklRAJxtkBtSVl2ClsUPZMu_wtfZPLEnhbfjS714wPckvupXHKqDMoLHjBJSgFAhOG9bG3jpFBj6_1PPkDWadwqtGcvvqGjfpLdEPa7k7NoLsa3lC44MIjs-mgv9JboCZWj8Rvwrq-BTpuezvNuHcfLPag4JkNlEdOtp8JDWMOPIbgIwW_knijnQMyVUFSUyoFMOEiEJhBKWnaA5ED01QGaNJHNXy9oRWCcoU4RqartuMN8G3xymbxJpJZzbVs3L2vvMZnV9XJJAHgto1DxYefqqW4d7TetW4ixFLZF6c2tZuJwb48gU-L8xIZZk2T9FOIn2G0nOtUGzKChiWElU393ijmZihJ4Dr3P4-A3nwo1YREoCzrxsYBpLKO7Ofsmfm6OOK9-4SmxRdAvL3fh-KRZ3lrHkc9_c5Q04mN7m6w871dlGDSofCpz2MN9sdSrvqh_-hkR2ZuiSdbAzb6DMzlMK27VViAngyIdVVVk582cOj0wXXPte_uIvO5nhWBE8I6IbZrV_adgvxcoILe22pcPzMIgqXO3k3Ww7mmLmYBygVkl
vFApS3qrn_BxxnHk9AWPUT9l5rn3WCQ4kmd9YxOl9poI3cs_pjEwPvOMG-IsJtJCzOKwmInRDXGZe1YymhQw7U03_k2yleN3Qr-dV5YS8-6d09joT_q2TP1LBivitl0yXkfMbX8MBxWAL4b5YluZ6hNF-f7jNxIPPuicdjFoO97IGahMFMUj68lDmtQysDESrZo4CB4pPfNEkbgzEaTOfAgTF1Jj-S-XT_X9czuh8mI_EtykkzYijOPrO318eXgj7wSRu1yL0SUjcCZCuLLBkDy_hxHYfaDhp_JUNCltZGpcbe6PD4NZprhptbKY0rMH00C3t8JzzpwD4hJfnUeZwvz06ZKHNaVMkMG_jwl9E1CBXCnDHFWswL90M9OraolSeHuPNDIM_OMyqM_MCoQn3Xqis2rBelonzT9t_fYgR7Pq0NIxjptihEWcMGj7AdqKLi2JTJT1-k1Oa9MSzRu3ClcTcqgW60GpWv2Md20KBQBZ8AjYkDwtKyKtfmIXstVbEt4RUmhTHKzASBm21_RkFsgTYCsGqMdkjccP8F_zi-5o_FxL9f_-2EnDjahOSvyq2ejygRgD3TgOFa_qyCxJ7O_lsvS-mPENJExXnjiFWeKGEqBsxuuohKC26U1D2EWLA7lmDtsKtxcnEKOAJQSkRaMLaHP4R3r0W94UIDSiL7LVqEkrdSoXGOoLjoj1d_q91XYdn9hlC5g7ag158KiAdjcbBD_RPiC5dsAhK5jppW3HCFAXoRZUpWza9eiBAMp9Rub_w5ZGbZzao0FzuJ1m35G3qfauzUhsa0_FRHnfJhGCA2EY8H7jVlYKsMMhNNnsu586imfzQT48_xNlK6gghcdB_bpolB7_lOd1iI7srCYDKV74_SZClQ0tMJthcrG40Chn9gB4pbZa2jlbYMNLxZYvH6dEsKp2NVomFphllvrD_cUqpHHy4v89PagDSE3rWoA4Nt9gG6kUUh81zSP7nIwoo8AUkroH17l8CN90Bb7woTHNtxAe1NYFmw_clmmx5Dz1ox38u6pX2ug9o-tyU3VVia9ajrIOlIewoSDMulCIPTyhLpkdIPgQFkP6B39TQCA51kJuf4rhl1LcNbASAhRukTxVZPUr0dDbZzLItS11daYdSHYEaiPpKJrBZ0_u1QJh27bcado-qXzoRbLE7LKAu6xOx8iQhCZjuZSwecklokb2CXXYlOLrUXTum_zr__E8cg1yAbjFvz002NZjWJdOLxtICWsuqoU9sHGm2zHFbt8e4oyFFKyEgx-7VjM-gwyeR-rVbyNd1AeqMiWAQVcUOC1jZp3OrMBeCtbG6KvGqX8MacHbBXVs-2kDSf61oH7kYm_VTzdG0KwspJU4ba3Oajy4Gzd9u28Sptpdg0NGQk47MTB_TcqmFU48_zoLdwaaLnQoP2oP4Zgj0Xa9nZnwsdXW7_pXe7W0bz6Mb8HhtosrUr9yDdQlSFImQ7HnNC6xp54nNM7i3GL_WSB3TUDgB8x_UHY1dilkARDUL_UFwkQ2CV2xvjx7IoqEHhlIT2O3rs46_IgcHDYtIMS-ZYW1nCYC1xGOUVRAoHTxY7ltp8xPentrDWUaTIIX9NDo17t5c2_6SkJbT2MLCxKjAjwff5CQocmfIgYsEUw1FdWoKsX4Gmgrt6y7d3IHmepdTR7CadMTsq2Hr2ohTjvnVCzJzmOrtqRq7t6ecI8oiDLBuNs-S_xwZeRK-yiHA1gaNkmpVEi1LvoEv9QY2MMe41dllll8C-teJVZTvFyiFxVHZW-TDVtiRCe6n4P-e7lI_yOOf4dCN4qClI2WnLqb8ktB-jN5paLMbQZP1PnuBnEbdp4VNqkMfu-i86FPElg5RqST8u0DU33E_DGx_5hXtAIQot8Aa-aiqRg5wtgIRCInwoBZ92eSfrZ-ylfdKBqdbiRj2OkYiG7uQuqis3C-nrzA_4uZQb4NYjmZ0-U9Due6y_cOWEMGsjqltJET-j4GURahpJU6aHa01bll
f4XlCP_9ZiYIviyv6o56hKJLrCCBAxKwBqC4_dzReo4rYKFvygh48a41oM-bjINq49sSJOnERjOqM-Z8lV8oSArDcciXLykjH9tfebVXJYbDMNTEYcCycpIW0Z4SUGnJQfTQm-qhX6YPW6gzsm6Uzo60_ZX-vBN9-ssYCsSy-FgwTB_LdX_d7zIABY4cfzhJ3N2rN9NjgZJwdwjkNsRo23ROhyGnCqYsMvyeCsCJnomai5zbzB7PL1LVlnZPagjfDVE5MbzkZl96oVDuOALiFyBIJc16_kZdXC8N02U0wiXdnVylz1_H8ZjnCT5TmdX8Z4Khdf43Bbqrc7CPozMt9tmsaFQSYzzlIJH_sfsJNFU9pnx1l15emzoaGj6Nmxxgod6NwB4jbQSx1XT9pm3ah26_UF9TJJ0RCFG30wsge9AhtRM20BUjSkJMUBsj9va4O0qdwjetmg==
|
|
@ -1,11 +1,25 @@
|
||||||
hostname = "2a00:f820:528::4"
|
hostname = "2a00:f820:528::4"
|
||||||
bundles = []
|
bundles = [
|
||||||
|
"openldap",
|
||||||
|
]
|
||||||
groups = [
|
groups = [
|
||||||
"debian-bullseye",
|
"debian-bullseye",
|
||||||
]
|
]
|
||||||
|
|
||||||
[metadata.interfaces.enp1s0]
|
[metadata.interfaces.enp1s0]
|
||||||
ips = [
|
ips = [
|
||||||
|
"31.47.232.108/29",
|
||||||
"2a00:f820:528::4",
|
"2a00:f820:528::4",
|
||||||
]
|
]
|
||||||
|
gateway4 = "31.47.232.105"
|
||||||
gateway6 = "2a00:f820:528::1"
|
gateway6 = "2a00:f820:528::1"
|
||||||
|
|
||||||
|
[metadata.openldap]
|
||||||
|
my_hostname = "ldap.qzwi.de"
|
||||||
|
ssl = "_.qzwi.de"
|
||||||
|
backup = [
|
||||||
|
"dc=qzwi,dc=de",
|
||||||
|
]
|
||||||
|
schemas = [
|
||||||
|
"openssh-lpk_openldap",
|
||||||
|
]
|
||||||
|
|