forked from ISTI-ansible-roles/ansible-roles
75 lines
2.2 KiB
Django/Jinja
75 lines
2.2 KiB
Django/Jinja
<LDAP>
|
|
# LDAP server URL
|
|
URL {{ openvpn_ldap_url }}
|
|
|
|
{% if not openvpn_ldap_anon_bind %}
|
|
# Bind DN (If your LDAP server doesn't support anonymous binds)
|
|
BindDN "{{ openvpn_ldap_binddn }}"
|
|
# Bind Password
|
|
Password "{{ openvpn_ldap_bindpwd }}"
|
|
{% endif %}
|
|
|
|
# Network timeout (in seconds)
|
|
Timeout 15
|
|
|
|
{% if openvpn_ldap_starttls %}
|
|
# Enable Start TLS
|
|
TLSEnable yes
|
|
{% else %}
|
|
TLSEnable no
|
|
{% endif %}
|
|
|
|
{% if not openvpn_ldap_anon_bind %}
|
|
# Follow LDAP Referrals (anonymously)
|
|
FollowReferrals no
|
|
{% else %}
|
|
FollowReferrals yes
|
|
{% endif %}
|
|
|
|
# TLS CA Certificate File
|
|
TLSCACertFile {{ openvpn_ldap_ca }}
|
|
|
|
{% if openvpn_ldap_use_ca_dir %}
|
|
# TLS CA Certificate Directory
|
|
# TLSCACertDir {{ openvpn_ldap_ca_dir }}
|
|
{% endif %}
|
|
|
|
{% if openvpn_ldap_tls_auth %}
|
|
# Client Certificate and key
|
|
# If TLS client authentication is required
|
|
TLSCertFile {{ openvpn_ldap_tls_cert }}
|
|
TLSKeyFile {{ openvpn_ldap_tls_key }}
|
|
{% endif %}
|
|
|
|
# Cipher Suite
|
|
# The defaults are usually fine here
|
|
#TLSCipherSuite {{ openvpn_ldap_tls_ciphersuite }}
|
|
</LDAP>
|
|
|
|
<Authorization>
|
|
# Base DN
|
|
BaseDN "{{ openvpn_ldap_base_dn }}"
|
|
|
|
# User Search Filter
|
|
SearchFilter "{{ openvpn_ldap_user_search }}"
|
|
|
|
# Require Group Membership
|
|
RequireGroup {{ openvpn_ldap_require_group }}
|
|
|
|
{% if openvpn_ldap_require_group %}
|
|
# Add non-group members to a PF table (disabled)
|
|
#PFTable ips_vpn_users
|
|
|
|
<Group>
|
|
BaseDN "{{ openvpn_ldap_group_base }}"
|
|
SearchFilter "{{ openvpn_ldap_group_filter }}"
|
|
{% if openvpn_ldap_without_posix_groups %}
|
|
RFC2307bis {{ openvpn_ldap_without_posix_groups }}
|
|
{% endif %}
|
|
MemberAttribute {{ openvpn_ldap_group_member_attr }}
|
|
# Add group members to a PF table (disabled)
|
|
# #PFTable ips_vpn_eng
|
|
</Group>
|
|
{% endif %}
|
|
</Authorization>
|