Add STARTTLS support
parent
d205ec0a63
commit
181ede511f
2 changed files with 10 additions and 0 deletions
|
@ -12,7 +12,11 @@ RUN apt-get update && \
|
|||
apt-get install --yes --no-install-recommends \
|
||||
slapd \
|
||||
ldap-utils \
|
||||
gnutls-bin \
|
||||
ssl-cert \
|
||||
ca-certificates && \
|
||||
# allow access to certificates
|
||||
usermod -a -G ssl-cert openldap && \
|
||||
# remove the default config, since the entrypoint
|
||||
# will populate it by hand.
|
||||
rm -rf /etc/ldap/slapd.d && \
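Review bot: Installing `ssl-cert` in this RUN step most likely generates the snakeoil key pair during the image build, so the private key ends up in an image layer and is identical in every container started from that image. Consider creating the key when the container starts instead, for example by calling `make-ssl-cert generate-default-snakeoil --force-overwrite` from the entrypoint, or by mounting a certificate and key at runtime. The `usermod -a -G ssl-cert openldap` line also gives slapd read access to every key under /etc/ssl/private, which deserves a short comment so the group membership is not widened by accident later. The RUN instruction starts and ends outside this hunk.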
|
||||
|
|
|
@ -14,6 +14,12 @@ olcToolThreads: 1
|
|||
# Define used format for CRYPT algorithm
|
||||
# (SHA-512 16-char-salt 50000 rounds)
|
||||
olcPasswordCryptSaltFormat: $6$rounds=50000$%.16s
|
||||
# TLS configuration
|
||||
olcTLSCertificateKeyFile: /etc/ssl/private/ssl-cert-snakeoil.key
|
||||
olcTLSCACertificateFile: /etc/ssl/certs/ca-certificates.crt
|
||||
olcTLSCertificateFile: /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
# Consider to force Encryption:
|
||||
#olcSecurity: tls=1
|
||||
|
||||
# Frontend settings
|
||||
dn: olcDatabase={-1}frontend,cn=config
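Review bot: With `olcSecurity: tls=1` left commented out, STARTTLS is only offered, not required, so a client that skips it still sends simple-bind passwords in cleartext. I would either enable the line or make it an entrypoint option, after checking that any `ldapi:///` access the entrypoint relies on still works under that setting. The certificate configured here is the self-signed snakeoil one, which does not chain to `/etc/ssl/certs/ca-certificates.crt`, so clients can only verify the server if they are given that certificate explicitly; a comment saying these paths are placeholders to be overridden in production would help. The cn=config entry these attributes belong to starts outside the hunk.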
|
||||
|
|