slapd: mise au point, reglage acl sur cn=config

templates/change_suffix_and_dit_admin.ldif

@@ -9,3 +9,7 @@ olcrootdn: {{ ldap_admin_dn }}
 replace: olcrootpw
 olcrootpw: {{ ldap_admin_password }}
 
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn.base={{ ldap_admin_dn }}  manage by * none

templates/ldap.conf

@@ -1,5 +1,9 @@
-URI ldap://localhost/
 BASE {{ ldap_suffix }}
 {%if ldap_have_ssl %}
+URI ldaps://{{ ldap_server }}
 TLS_CACERT {{ ldap_ssl_cacert_path }}
+TLS_REQCERT allow 
+URI ldap://localhost/
+{%else%}
+URI ldap://localhost
 {%endif%}

templates/ldap_aliases.sh

@@ -0,0 +1,4 @@
+alias ldm="ldapmodify -x -D {{ ldap_admin_dn }} -y {{ ldap_secret_file }}"
+alias lda="ldapadd -x -D {{ ldap_admin_dn }} -y {{ ldap_secret_file }}"
+alias lds="ldapsearch -xLLL -D {{ ldap_admin_dn }} -y {{ ldap_secret_file }}"
+alias ldrm="ldapdelete -x -D {{ ldap_admin_dn }} -y {{ ldap_secret_file }}"