Add STARTTLS support

paul 2018-10-04 00:29:46 +02:00
parent d205ec0a63
commit 181ede511f
2 changed files with 10 additions and 0 deletions


@ -12,7 +12,11 @@ RUN apt-get update && \
apt-get install --yes --no-install-recommends \ apt-get install --yes --no-install-recommends \
slapd \ slapd \
ldap-utils \ ldap-utils \
gnutls-bin \
ssl-cert \
ca-certificates && \ ca-certificates && \
# allow access to certificates
usermod -a -G ssl-cert openldap && \
# remove the default config, since the entrypoint # remove the default config, since the entrypoint
# will populate it by hand. # will populate it by hand.
rm -rf /etc/ldap/slapd.d && \ rm -rf /etc/ldap/slapd.d && \
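Review bot: Installing `ssl-cert` in this `RUN` step most likely generates the snakeoil key pair while the image is built, so the private key is stored in an image layer, shared by every container started from the image, and readable by anyone who can pull it. Generating the key pair in the entrypoint on first start, or mounting the certificate and key from a volume or secret, would keep the key out of the image. The added comment could also say what is being granted, e.g. `# add openldap to ssl-cert so slapd can read keys under /etc/ssl/private`. The `RUN` instruction starts before this hunk and continues after it.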


@ -14,6 +14,12 @@ olcToolThreads: 1
# Define used format for CRYPT algorithm # Define used format for CRYPT algorithm
# (SHA-512 16-char-salt 50000 rounds) # (SHA-512 16-char-salt 50000 rounds)
olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s
# TLS configuration
olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
# Consider to force Encryption:
#olcSecurity: tls=1
# Frontend settings # Frontend settings
dn: olcDatabase={-1}frontend,cn=config dn: olcDatabase={-1}frontend,cn=config
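Review bot: With `olcSecurity: tls=1` left commented out, STARTTLS is only offered and never required, so clients can still bind and send passwords in cleartext, and a client that does not insist on TLS continues unencrypted when the upgrade does not happen. I would enable `olcSecurity: tls=1`, or have the entrypoint set it from a variable whose default is the enforcing value, after checking that any local `ldapi://` administration still works under that setting. The three certificate attributes point at the self-signed snakeoil pair, which clients cannot validate against a CA, so a comment such as `# placeholder self-signed pair; replace with a CA-issued certificate before production use` would make the intent explicit. The `cn=config` entry these attributes belong to starts above the hunk.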