Disable anonymous binds
See https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/configuring-special-binds.html#disabling-anonymous-binds
parent
0a96c31e12
commit
9828b867ba
|
@ -51,6 +51,7 @@ action :create do
|
|||
notifies :restart, "service[#{service_name}]", :immediately
|
||||
notifies :delete, "template[#{setup_config}]", :immediately
|
||||
notifies :run, "execute[add users group]", :delayed
|
||||
notifies :run, "execute[disable anonymous access]", :delayed
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -70,6 +71,23 @@ action :create do
|
|||
action :nothing
|
||||
end
|
||||
|
||||
file "#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif" do
|
||||
content <<-EOF
|
||||
dn: cn=config
|
||||
changetype: modify
|
||||
replace: nsslapd-allow-anonymous-access
|
||||
nsslapd-allow-anonymous-access: off
|
||||
EOF
|
||||
owner "root"
|
||||
group "root"
|
||||
end
|
||||
|
||||
execute "disable anonymous access" do
|
||||
command "ldapmodify -x -w #{new_resource.admin_password} -D '#{new_resource.bind_dn}' -f '#{Chef::Config[:file_cache_path]}/disable_anonymous_access.ldif' -p #{new_resource.port} -h localhost"
|
||||
sensitive true
|
||||
action :nothing
|
||||
end
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
package "libnss3-tools" # provides pk12util
|
||||
|
||||
|
|
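Review bot: The `command` line of `execute "disable anonymous access"` passes the admin password in ldapmodify's argv via `-w #{new_resource.admin_password}`, so it is readable in the process list while the command runs; `sensitive true` only keeps it out of Chef's output. The value is also interpolated unquoted, unlike the bind DN and the LDIF path, so a password containing spaces or shell metacharacters would break or alter the command. If this is OpenLDAP's ldapmodify, reading the password from a root-only 0600 file with `-y '<password file>'` instead of `-w` would avoid both problems. Separately, the resource is `action :nothing` and fires only from the `:delayed` notification added in the first hunk, so a server set up before this change, or a run where ldapmodify fails, appears to keep anonymous binds enabled on later runs; a guard that checks the current `nsslapd-allow-anonymous-access` value would let it converge. The enclosing `action :create` block starts and ends outside both hunks.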