fix: move binding dn

2024-03-10 09:50:47 +01:00 · 2024-03-10 09:50:47 +01:00 · 0ebd087544
commit 0ebd087544
parent b7dc26cc27
4 changed files with 20 additions and 13 deletions
--- a/ansible/group_vars/all/vault_sssd
+++ b/ansible/group_vars/all/vault_sssd
@ -1,11 +1,12 @@
 $ANSIBLE_VAULT;1.1;AES256
-61653964333030326633346130613633373333663037316165313436336235376362346237383463
-3835663564663137643565636431353465386338363665620a343031373230623564616635373337
-38653431623135313436643737633932656236666562623837303262323838663564343862653835
-3332346662383935300a646437326262613231616137393664633963623832393633646530613037
-35326335333432383939346132356465313164336434316439633236396465333366666435353535
-35646465313336336466653964303533373133613861626634623363623036643363323063616630
-64636135323431653235643364316238666135626230316537363132313138656532306636333734
-64356532653432613535623761303634353964633162333465393135653338323437336362616164
-63313430303438323535346331386463393535376564346564643363626434626432333031653838
-3332616466306466336161393066633239363463363863323739
+61326233336236343231396231306638373837653661313334313261313539316532373437346132
+3931306637303530373032663236363466383433316161310a396439393564643731656664663639
+32386130663837303663376432633930393663386436666263313939326631616466643237333138
+3365346131636333330a376436323964656563363664336638653564656231636136663635303439
+35346461356337303064623861326331346263373539336335393566623462343464323065366237
+61346637326336613232643462323733366530656439626234663335633965376335623733336162
+37323739376237323534613361333831396531663637666161666366656237353563626164626632
+33326336353663356235373835666166643465666562616663336539316233373430633862613133
+36363831623361393230653161626131353264366634326233363232336635306266376363363739
+66373434343330633337633436316135656533613465613963363931383266323466653762623365
+363332393662393532313063613066653964
--- a/nomad-job/backup-postgress.nomad
+++ b/nomad-job/backup-postgress.nomad
@ -49,7 +49,7 @@ job "backup-postgress" {
        env         = true
      }
      resources {
-        memory = 140
+        memory = 180
      }
    }

--- a/nomad-job/openldap/openldap.nomad.hcl
+++ b/nomad-job/openldap/openldap.nomad.hcl
@ -10,6 +10,12 @@ job "openldap" {
    attribute = "${attr.cpu.arch}"
    value     = "amd64"
  }
+  constraint {
+    attribute = "${node.class}"
+    operator = "set_contains"
+    value = "cluster"
+  }
+
  vault {
    policies = ["ldap"]
  }
--- a/terraform/vault/ldap.tf
+++ b/terraform/vault/ldap.tf
@ -1,13 +1,13 @@
 resource "vault_ldap_auth_backend" "ldap" {
    path        = "ldap"
    url         = "ldaps://ldaps.service.consul"
-    userdn      = "dc=ducamps,dc=eu"
+    userdn      = "ou=users,dc=ducamps,dc=eu"
    userattr    = "uid"
    discoverdn  = false
    insecure_tls = true
    groupdn     = "ou=groups,dc=ducamps,dc=eu"
    groupfilter = "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))"
-    binddn      = "uid=vaultserviceaccount,ou=users,dc=ducamps,dc=eu"
+    binddn      = "uid=vaultserviceaccount,ou=serviceAccount,ou=users,dc=ducamps,dc=eu"
    groupattr   = "cn"
    bindpass    = var.ldap_bindpass
 }