From 0ebd0875442859c49642d9ff3e99db8c8d35db9b Mon Sep 17 00:00:00 2001
From: vincent
Date: Sun, 10 Mar 2024 09:50:47 +0100
Subject: [PATCH] fix: move binding dn
---
 ansible/group_vars/all/vault_sssd | 21 +++++++++++----------
 nomad-job/backup-postgress.nomad | 2 +-
 nomad-job/openldap/openldap.nomad.hcl | 6 ++++++
 terraform/vault/ldap.tf | 4 ++--
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/ansible/group_vars/all/vault_sssd b/ansible/group_vars/all/vault_sssd
index d1329d8..8252c72 100644
--- a/ansible/group_vars/all/vault_sssd
+++ b/ansible/group_vars/all/vault_sssd
@@ -1,11 +1,12 @@
 $ANSIBLE_VAULT;1.1;AES256
-61653964333030326633346130613633373333663037316165313436336235376362346237383463
-3835663564663137643565636431353465386338363665620a343031373230623564616635373337
-38653431623135313436643737633932656236666562623837303262323838663564343862653835
-3332346662383935300a646437326262613231616137393664633963623832393633646530613037
-35326335333432383939346132356465313164336434316439633236396465333366666435353535
-35646465313336336466653964303533373133613861626634623363623036643363323063616630
-64636135323431653235643364316238666135626230316537363132313138656532306636333734
-64356532653432613535623761303634353964633162333465393135653338323437336362616164
-63313430303438323535346331386463393535376564346564643363626434626432333031653838
-3332616466306466336161393066633239363463363863323739
+61326233336236343231396231306638373837653661313334313261313539316532373437346132
+3931306637303530373032663236363466383433316161310a396439393564643731656664663639
+32386130663837303663376432633930393663386436666263313939326631616466643237333138
+3365346131636333330a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
diff --git a/nomad-job/backup-postgress.nomad b/nomad-job/backup-postgress.nomad
index 1fbe225..8e9af28 100644
--- a/nomad-job/backup-postgress.nomad
+++ b/nomad-job/backup-postgress.nomad
@@ -49,7 +49,7 @@ job "backup-postgress" {
 env = true
 }
 resources {
- memory = 140
+ memory = 180
 }
 }
diff --git a/nomad-job/openldap/openldap.nomad.hcl b/nomad-job/openldap/openldap.nomad.hcl
index 33ccf1f..ffe7c3d 100644
--- a/nomad-job/openldap/openldap.nomad.hcl
+++ b/nomad-job/openldap/openldap.nomad.hcl
@@ -10,6 +10,12 @@ job "openldap" {
 attribute = "${attr.cpu.arch}"
 value = "amd64"
 }
+ constraint {
+ attribute = "${node.class}"
+ operator = "set_contains"
+ value = "cluster"
+ }
+
 vault {
 policies = ["ldap"]
 }
diff --git a/terraform/vault/ldap.tf b/terraform/vault/ldap.tf
index b349341..49a6e6e 100644
--- a/terraform/vault/ldap.tf
+++ b/terraform/vault/ldap.tf
@@ -1,13 +1,13 @@
 resource "vault_ldap_auth_backend" "ldap" {
 path = "ldap"
 url = "ldaps://ldaps.service.consul"
- userdn = "dc=ducamps,dc=eu"
+ userdn = "ou=users,dc=ducamps,dc=eu"
 userattr = "uid"
 discoverdn = false
 insecure_tls = true
 groupdn = "ou=groups,dc=ducamps,dc=eu"
 groupfilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
- binddn = "uid=vaultserviceaccount,ou=users,dc=ducamps,dc=eu"
+ binddn = "uid=vaultserviceaccount,ou=serviceAccount,ou=users,dc=ducamps,dc=eu"
 groupattr = "cn"
 bindpass = var.ldap_bindpass
 }
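Review bot: The new `constraint` block in openldap.nomad.hcl compares `${node.class}` with `set_contains`, which splits the attribute on commas and tests membership; a node carries one class string, so `operator = "="` (Nomad's default when the operator is omitted) states the intent more directly unless node classes are deliberately configured as comma-separated lists in this cluster. The constraint is also unrelated to the commit subject ("move binding dn") and carries no explanation, so a short comment such as `# pin the LDAP server to cluster-class nodes` would record why the placement matters. The enclosing `job "openldap"` block begins and ends outside the hunk.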
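Review bot: With the new `binddn` placed under `ou=serviceAccount,ou=users,dc=ducamps,dc=eu` and `userdn` narrowed to `ou=users,dc=ducamps,dc=eu` in ldap.tf, the bind service account now lives inside the user search base; as far as I recall Vault's bind-credential mode runs a subtree search under `userdn` with the default user filter `({{.UserAttr}}={{.Username}})`, so `vaultserviceaccount` itself becomes a login candidate if its password is known. If that account is not meant to log in to Vault, add a `userfilter` that excludes the `serviceAccount` OU (or point `userdn` at the OU that holds only people) and confirm no group under `groupdn` maps it to a policy. The hunk also still carries `insecure_tls = true` against an `ldaps://` URL, which skips certificate validation of the directory; that predates this commit, but since the bind password now travels over that connection it is worth replacing with a `certificate` value for the directory's CA. Keeping the password in `var.ldap_bindpass` rather than inline is the right call.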