Commit 25e1fa40 authored by Maciej Delmanowski's avatar Maciej Delmanowski

[debops.slapd] Enable 'constraint' overlay

parent b4099fb9
......@@ -372,6 +372,7 @@ slapd__default_tasks:
- '{4}memberof'
- '{5}refint'
- '{6}auditlog'
- '{7}constraint'
ordered: True
- name: 'Enable Sync Provider overlay in the cn=config database'
......@@ -416,6 +417,12 @@ slapd__default_tasks:
attributes:
olcOverlay: '{5}auditlog'
- name: 'Enable Constraint overlay in the main database'
dn: 'olcOverlay={6}constraint,olcDatabase={1}mdb,cn=config'
objectClass: [ 'olcOverlayConfig', 'olcConstraintConfig' ]
attributes:
olcOverlay: '{6}constraint'
- name: 'Configure Password Policy overlay in the main database'
dn: 'olcOverlay={1}ppolicy,olcDatabase={1}mdb,cn=config'
attributes:
......@@ -463,6 +470,17 @@ slapd__default_tasks:
olcAuditlogFile: '{{ slapd__log_dir + "/slapd-auditlog-main.ldif" }}'
state: 'exact'
- name: 'Configure Constraint overlay in the main database'
dn: 'olcOverlay={6}constraint,olcDatabase={1}mdb,cn=config'
attributes:
olcConstraintAttribute:
- 'jpegPhoto size 524288' # 512 KiB
- 'userPassword count 5'
- 'uidNumber regex ^[[:digit:]]+$'
- 'gidNumber regex ^[[:digit:]]+$'
- 'macAddress regex ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$'
state: 'exact'
- name: 'Configure the OpenLDAP server log level'
dn: 'cn=config'
attributes:
......
......@@ -32,6 +32,8 @@ Directory structure
- ``{6}auditlog``
- ``{7}constraint``
- :ref:`cn=schema <slapd__ref_ldap_schemas>`
- :ref:`core.schema <slapd__ref_initial_schemas>`
......@@ -66,6 +68,8 @@ Directory structure
- :ref:`olcOverlay={5}auditlog <slapd__ref_auditlog_overlay>`
- :ref:`olcOverlay={6}constraint <slapd__ref_constraint_overlay>`
- :envvar:`olcAccess <slapd__acl_tasks>` (:ref:`documentation <slapd__ref_acl>`)
- :envvar:`dc=example,dc=org <slapd__base_dn>`
......
......@@ -32,6 +32,8 @@ the main database.
.. __: http://www.zytrax.com/books/ldap/ch6/syncprov.html
.. __: https://www.openldap.org/doc/admin24/replication.html
Manual page: :man:`slapo-syncprov(5)`
.. _slapd__ref_ppolicy_overlay:
......@@ -55,6 +57,8 @@ password length, different types of characters used, lockout policy, etc.
.. __: https://www.zytrax.com/books/ldap/ch6/ppolicy.html
Manual page: :man:`slapo-ppolicy(5)`
.. _slapd__ref_unique_overlay:
......@@ -69,6 +73,8 @@ the ``ou=People,dc=example,dc=org`` subtree of the directory.
.. __: https://www.openldap.org/doc/admin24/overlays.html#Attribute%20Uniqueness
Manual page: :man:`slapo-unique(5)`
.. _slapd__ref_memberof_overlay:
......@@ -83,6 +89,8 @@ to.
.. __: https://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance
Manual page: :man:`slapo-memberof(5)`
.. _slapd__ref_refint_overlay:
......@@ -95,6 +103,8 @@ the references between objects in the LDAP database are consistent.
.. __: https://www.openldap.org/doc/admin24/overlays.html#Referential%20Integrity
Manual page: :man:`slapo-refint(5)`
.. _slapd__ref_auditlog_overlay:
......@@ -108,3 +118,18 @@ automatically ensure that the audit log files are rotated periodically using
the :command:`logrotate` service to keep the disk usage under control.
.. __: https://www.openldap.org/doc/admin24/overlays.html#Audit%20Logging
Manual page: :man:`slapo-auditlog(5)`
.. _slapd__ref_constraint_overlay:
Attribute Constraints overlay
-----------------------------
The `constraint overlay`__ can be used to place constraints on specific LDAP
attributes, for example number of possible values, size or format.
.. __: https://www.openldap.org/doc/admin24/overlays.html#Constraints
Manual page: :man:`slapo-constraint(5)`
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment