vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix: move binding dn

Browse Source
This commit is contained in:
vincent 2024-03-10 09:50:47 +01:00
parent b7dc26cc27
commit 0ebd087544
4 changed files with 20 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ansible/group_vars/all/vault_sssd
View File

@ -1,11 +1,12 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
61653964333030326633346130613633373333663037316165313436336235376362346237383463 61326233336236343231396231306638373837653661313334313261313539316532373437346132
3835663564663137643565636431353465386338363665620a343031373230623564616635373337 3931306637303530373032663236363466383433316161310a396439393564643731656664663639
38653431623135313436643737633932656236666562623837303262323838663564343862653835 32386130663837303663376432633930393663386436666263313939326631616466643237333138
3332346662383935300a646437326262613231616137393664633963623832393633646530613037 3365346131636333330a376436323964656563363664336638653564656231636136663635303439
35326335333432383939346132356465313164336434316439633236396465333366666435353535 35346461356337303064623861326331346263373539336335393566623462343464323065366237
35646465313336336466653964303533373133613861626634623363623036643363323063616630 61346637326336613232643462323733366530656439626234663335633965376335623733336162
64636135323431653235643364316238666135626230316537363132313138656532306636333734 37323739376237323534613361333831396531663637666161666366656237353563626164626632
64356532653432613535623761303634353964633162333465393135653338323437336362616164 33326336353663356235373835666166643465666562616663336539316233373430633862613133
63313430303438323535346331386463393535376564346564643363626434626432333031653838 36363831623361393230653161626131353264366634326233363232336635306266376363363739
3332616466306466336161393066633239363463363863323739 66373434343330633337633436316135656533613465613963363931383266323466653762623365
363332393662393532313063613066653964

2
nomad-job/backup-postgress.nomad
View File

@ -49,7 +49,7 @@ job "backup-postgress" {
env = true env = true
} }
resources { resources {
memory = 140 memory = 180
} }
} }

6
nomad-job/openldap/openldap.nomad.hcl
View File

@ -10,6 +10,12 @@ job "openldap" {
attribute = "${attr.cpu.arch}" attribute = "${attr.cpu.arch}"
value = "amd64" value = "amd64"
} }
constraint {
attribute = "${node.class}"
operator = "set_contains"
value = "cluster"
}
vault { vault {
policies = ["ldap"] policies = ["ldap"]
} }

4
terraform/vault/ldap.tf
View File

@ -1,13 +1,13 @@
resource "vault_ldap_auth_backend" "ldap" { resource "vault_ldap_auth_backend" "ldap" {
path = "ldap" path = "ldap"
url = "ldaps://ldaps.service.consul" url = "ldaps://ldaps.service.consul"
userdn = "dc=ducamps,dc=eu" userdn = "ou=users,dc=ducamps,dc=eu"
userattr = "uid" userattr = "uid"
discoverdn = false discoverdn = false
insecure_tls = true insecure_tls = true
groupdn = "ou=groups,dc=ducamps,dc=eu" groupdn = "ou=groups,dc=ducamps,dc=eu"
groupfilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))" groupfilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
binddn = "uid=vaultserviceaccount,ou=users,dc=ducamps,dc=eu" binddn = "uid=vaultserviceaccount,ou=serviceAccount,ou=users,dc=ducamps,dc=eu"
groupattr = "cn" groupattr = "cn"
bindpass = var.ldap_bindpass bindpass = var.ldap_bindpass
} }