Add STARTTLS support
parent
d205ec0a63
commit
181ede511f
2 changed files with 10 additions and 0 deletions
|
@ -12,7 +12,11 @@ RUN apt-get update && \
|
||||||
apt-get install --yes --no-install-recommends \
|
apt-get install --yes --no-install-recommends \
|
||||||
slapd \
|
slapd \
|
||||||
ldap-utils \
|
ldap-utils \
|
||||||
|
gnutls-bin \
|
||||||
|
ssl-cert \
|
||||||
ca-certificates && \
|
ca-certificates && \
|
||||||
|
# allow access to certificates
|
||||||
|
usermod -a -G ssl-cert openldap && \
|
||||||
# remove the default config, since the entrypoint
|
# remove the default config, since the entrypoint
|
||||||
# will populate it by hand.
|
# will populate it by hand.
|
||||||
rm -rf /etc/ldap/slapd.d && \
|
rm -rf /etc/ldap/slapd.d && \
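Review bot: Installing `ssl-cert` inside this `RUN` step means the snakeoil key pair is created while the image is built (the package's post-install step generates it, as far as I know), so `/etc/ssl/private/ssl-cert-snakeoil.key` is stored in an image layer. Every container started from the image then shares one private key, and anyone who can pull the image can read it. I would regenerate the pair on first start in the entrypoint, for example `make-ssl-cert generate-default-snakeoil --force-overwrite`, or expect a mounted certificate and key and remove the baked-in one at build time. The comment above `usermod` could also say why the group is needed: `# slapd runs as openldap and must read the key under /etc/ssl/private (group ssl-cert)`. The `RUN` statement starts and ends outside this hunk, so the entrypoint side cannot be checked from here.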
|
||||||
|
|
|
@ -14,6 +14,12 @@ olcToolThreads: 1
|
||||||
# Define used format for CRYPT algorithm
|
# Define used format for CRYPT algorithm
|
||||||
# (SHA-512 16-char-salt 50000 rounds)
|
# (SHA-512 16-char-salt 50000 rounds)
|
||||||
olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s
|
olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s
|
||||||
|
# TLS configuration
|
||||||
|
olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||||
|
olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
|
||||||
|
olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||||
|
# Consider to force Encryption:
|
||||||
|
#olcSecurity: tls=1
|
||||||
|
|
||||||
# Frontend settings
|
# Frontend settings
|
||||||
dn: olcDatabase={-1}frontend,cn=config
|
dn: olcDatabase={-1}frontend,cn=config
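Review bot: With `#olcSecurity: tls=1` left commented out, STARTTLS is only offered, not required, so a client that never issues StartTLS (or whose upgrade request is dropped on the path) can still do a simple bind and send its password in cleartext. If the intent of the commit is to protect credentials, enable it, `olcSecurity: tls=1`, or state in the comment why it stays optional, e.g. `# TLS is optional by default; uncomment to reject unencrypted operations`. If the entrypoint configures slapd over `ldapi://`, check that this setting does not lock it out; an `ssf=`-based requirement may fit better there, which I cannot confirm from this hunk. Separately, the configured certificate is the self-signed snakeoil one and is not part of `ca-certificates.crt`, so clients cannot validate the server unless they import it; that is worth a line in the comment block too.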
|
||||||
|
|