From 86a5681d8f81c9a599f7d481ed4a02bc46cd486d Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Sun, 18 Jul 2021 15:38:27 +0200
Subject: [PATCH] =?UTF-8?q?[re2o-ldap-replica]=20=E2=86=92=20[re2o-ldap]?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../{re2o_ldap_replica.yml => re2o_ldap.yml} | 5 +-
 host_vars/yson-partou.adm.crans.org.yml | 5 ++
 hosts | 2 +-
 plays/re2o-ldap-replica.yml | 7 ---
 plays/re2o-ldap.yml | 7 +++
 .../templates/ldap/certinfo.ldif.j2 | 8 ---
 .../templates/ldap/ldap.key.j2 | 1 -
 .../templates/ldap/ldap.pem.j2 | 1 -
 .../handlers/main.yml | 0
 .../tasks/main.yml | 13 ++---
 .../templates/ldap/db.ldif.j2 | 46 ++++++++--------
 roles/re2o-ldap/templates/ldap/ldap.key.j2 | 1 +
 roles/re2o-ldap/templates/ldap/ldap.pem.j2 | 1 +
 .../templates/ldap/replication.ldif.j2} | 10 ++--
 .../templates/ldap/schema.ldif.j2 | 52 ++++++++---------
 15 files changed, 75 insertions(+), 84 deletions(-)
 rename group_vars/{re2o_ldap_replica.yml => re2o_ldap.yml} (68%)
 delete mode 100755 plays/re2o-ldap-replica.yml
 create mode 100755 plays/re2o-ldap.yml
 delete mode 100644 roles/re2o-ldap-replica/templates/ldap/certinfo.ldif.j2
 delete mode 100644 roles/re2o-ldap-replica/templates/ldap/ldap.key.j2
 delete mode 100644 roles/re2o-ldap-replica/templates/ldap/ldap.pem.j2
 rename roles/{re2o-ldap-replica => re2o-ldap}/handlers/main.yml (100%)
 rename roles/{re2o-ldap-replica => re2o-ldap}/tasks/main.yml (87%)
 rename roles/{re2o-ldap-replica => re2o-ldap}/templates/ldap/db.ldif.j2 (58%)
 create mode 100644 roles/re2o-ldap/templates/ldap/ldap.key.j2
 create mode 100644 roles/re2o-ldap/templates/ldap/ldap.pem.j2
 rename roles/{re2o-ldap-replica/templates/ldap/consumer_simple_sync.ldif.j2 => re2o-ldap/templates/ldap/replication.ldif.j2} (53%)
 rename roles/{re2o-ldap-replica => re2o-ldap}/templates/ldap/schema.ldif.j2 (98%)
diff --git a/group_vars/re2o_ldap_replica.yml b/group_vars/re2o_ldap.yml
similarity index 68%
rename from group_vars/re2o_ldap_replica.yml
rename to group_vars/re2o_ldap.yml
index ae4b34c1..fc2be906 100644
--- a/group_vars/re2o_ldap_replica.yml
+++ b/group_vars/re2o_ldap.yml
@@ -1,8 +1,5 @@
 ---
-glob_re2o_ldap_replica:
- replicator:
- username: replicator
- password: "{{ vault.ldap_replication_re2o_credentials }}"
+glob_re2o_ldap:
 suffix: dc=crans,dc=org
 url: "ldaps://{{ query('ldap', 'ip', 'terenez', 'adm') | ipv4 | first }}:636"
 root_password_hash: "{{ vault.ldap_master_password_hash }}"
diff --git a/host_vars/yson-partou.adm.crans.org.yml b/host_vars/yson-partou.adm.crans.org.yml
index 5cde2044..647582fe 100644
--- a/host_vars/yson-partou.adm.crans.org.yml
+++ b/host_vars/yson-partou.adm.crans.org.yml
@@ -1,3 +1,8 @@
 ---
 interfaces:
 adm: eth0
+
+loc_re2o_ldap:
+ replica:
+ username: replicator
+ password: "{{ vault.ldap_replication_re2o_credentials }}"
diff --git a/hosts b/hosts
index b87feae2..af376853 100644
--- a/hosts
+++ b/hosts
@@ -193,7 +193,7 @@ radius
 [re2o_front]
 re2o.adm.crans.org
-[re2o_ldap_replica]
+[re2o_ldap]
 re2o-dev.adm.crans.org
 yson-partou.adm.crans.org
diff --git a/plays/re2o-ldap-replica.yml b/plays/re2o-ldap-replica.yml
deleted file mode 100755
index 1d1344a0..00000000
--- a/plays/re2o-ldap-replica.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- hosts: re2o_ldap_replica
- vars:
- re2o_ldap_replica: "{{ glob_re2o_ldap_replica | default({}) | combine(loc_re2o_ldap_replica | default({})) }}"
- roles:
- - re2o-ldap-replica
diff --git a/plays/re2o-ldap.yml b/plays/re2o-ldap.yml
new file mode 100755
index 00000000..33964e19
--- /dev/null
+++ b/plays/re2o-ldap.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: re2o_ldap
+ vars:
+ re2o_ldap: "{{ glob_re2o_ldap | default({}) | combine(loc_re2o_ldap | default({})) }}"
+ roles:
+ - re2o-ldap-replica
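Review bot: The new play plays/re2o-ldap.yml still lists `- re2o-ldap-replica` under `roles:`, but this same commit moves every file of that role into roles/re2o-ldap (handlers, tasks, templates) and deletes the remaining templates, so the role directory no longer exists and the play will fail to resolve it. The last line should read `- re2o-ldap`. The `hosts: re2o_ldap` group and the `re2o_ldap` combine() variable do match the renamed hosts group, group_vars file and host_vars key, so the rest of the play is consistent with the rename.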
diff --git a/roles/re2o-ldap-replica/templates/ldap/certinfo.ldif.j2 b/roles/re2o-ldap-replica/templates/ldap/certinfo.ldif.j2
deleted file mode 100644
index 8571016c..00000000
--- a/roles/re2o-ldap-replica/templates/ldap/certinfo.ldif.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-{{ ansible_header | comment }}
-
-dn: cn=config
-add: olcTLSCertificateFile
-olcTLSCertificateFile: /etc/ldap/ldap.pem
--
-add: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: /etc/ldap/ldap.key
diff --git a/roles/re2o-ldap-replica/templates/ldap/ldap.key.j2 b/roles/re2o-ldap-replica/templates/ldap/ldap.key.j2
deleted file mode 100644
index 1dc6da0c..00000000
--- a/roles/re2o-ldap-replica/templates/ldap/ldap.key.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ re2o_ldap_replica.private_key }}
diff --git a/roles/re2o-ldap-replica/templates/ldap/ldap.pem.j2 b/roles/re2o-ldap-replica/templates/ldap/ldap.pem.j2
deleted file mode 100644
index 71d67e1a..00000000
--- a/roles/re2o-ldap-replica/templates/ldap/ldap.pem.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ re2o_ldap_replica.certificate }}
diff --git a/roles/re2o-ldap-replica/handlers/main.yml b/roles/re2o-ldap/handlers/main.yml
similarity index 100%
rename from roles/re2o-ldap-replica/handlers/main.yml
rename to roles/re2o-ldap/handlers/main.yml
diff --git a/roles/re2o-ldap-replica/tasks/main.yml b/roles/re2o-ldap/tasks/main.yml
similarity index 87%
rename from roles/re2o-ldap-replica/tasks/main.yml
rename to roles/re2o-ldap/tasks/main.yml
index 0bcd4c8d..687f1332 100644
--- a/roles/re2o-ldap-replica/tasks/main.yml
+++ b/roles/re2o-ldap/tasks/main.yml
@@ -58,8 +58,7 @@
 loop:
 - db
 - schema
- - consumer_simple_sync
- - certinfo
+ - replication
 - name: Initialize re2o-ldap schema
 when: not installation.stat.exists
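Review bot: The template loop now renders `replication` on every host of the group, while replication.ldif.j2 (hunk further down) dereferences `re2o_ldap.replica.username` and `re2o_ldap.replica.password`; on a host where `replica` is not set — the host_vars in this commit define it only for yson-partou — templating will fail with an undefined variable before the later `when: … replica` guard on the ldapadd task is ever reached. Either skip that item when the key is absent, e.g. `when: item != 'replication' or re2o_ldap.replica is defined` on this loop, or give `replica` a default in group_vars. The task that owns this `loop:` starts above the hunk, so its module and file mode are not visible here.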
@@ -78,8 +77,8 @@
 state: started
 - name: Enable data replication
- when: not installation.stat.exists
- shell: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /var/lib/slapd/consumer_simple_sync.ldif
+ when: not installation.stat.exists and re2o_ldap.replica exists
+ shell: ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /var/lib/slapd/replication.ldif
 # LDAPS configuration
 - name: Copy TLS certificate
@@ -93,17 +92,13 @@
 - ldap.pem
 - ldap.key
-- name: Load TLS certificates
- when: not installation.stat.exists
- shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /var/lib/slapd/certinfo.ldif
-
 - name: Enable LDAPS
 lineinfile:
 path: /etc/default/slapd
 regexp: '^SLAPD_SERVICES='
 line: 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
 notify: Restart slapd
- check_mode: false
+ when: not ansible_check_mode
 - name: Touch installation marker
 when: not installation.stat.exists
diff --git a/roles/re2o-ldap-replica/templates/ldap/db.ldif.j2 b/roles/re2o-ldap/templates/ldap/db.ldif.j2
similarity index 58%
rename from roles/re2o-ldap-replica/templates/ldap/db.ldif.j2
rename to roles/re2o-ldap/templates/ldap/db.ldif.j2
index 16414ad9..0181c093 100644
--- a/roles/re2o-ldap-replica/templates/ldap/db.ldif.j2
+++ b/roles/re2o-ldap/templates/ldap/db.ldif.j2
@@ -3,7 +3,7 @@
 # This file comes from the installation of Re2o
 # https://gitlab.federez.net/re2o/re2o/-/blob/master/install_utils/db.ldiff
-dn: {{ re2o_ldap_replica.suffix }}
+dn: {{ re2o_ldap.suffix }}
 o: rezo
 structuralObjectClass: organization
 description: ldap
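Review bot: `re2o_ldap.replica exists` is not valid Jinja2 — there is no `exists` test — so the new `when:` on "Enable data replication" will raise a conditional evaluation error on every host instead of skipping the task where no replica is configured. The intended check is the `defined` test: `when: not installation.stat.exists and re2o_ldap.replica is defined`. Note also that the file this task loads, /var/lib/slapd/replication.ldif, carries the replicator bind password in clear text (`credentials=` in replication.ldif.j2), so the template task that writes it — above this hunk, not visible here — should set a restrictive `mode` such as `"0600"`.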
@@ -12,15 +12,15 @@ objectClass: dcObject
 objectClass: organization
 contextCSN: 20161004233332.689769Z#000000#000#000000
-dn: cn=admin,{{ re2o_ldap_replica.suffix }}
+dn: cn=admin,{{ re2o_ldap.suffix }}
 objectClass: simpleSecurityObject
 objectClass: organizationalRole
 cn: admin
 structuralObjectClass: organizationalRole
 description:: TERBUCBhZG1pbmlzdHJhdG9yDQo=
-userPassword: {{ re2o_ldap_replica.root_password_hash }}
+userPassword: {{ re2o_ldap.root_password_hash }}
-dn: cn=Utilisateurs,{{ re2o_ldap_replica.suffix }}
+dn: cn=Utilisateurs,{{ re2o_ldap.suffix }}
 gidNumber: 500
 cn: Utilisateurs
 structuralObjectClass: posixGroup
@@ -31,74 +31,74 @@ objectClass: top
 objectClass: sambaSamAccount
 objectClass: radiusprofile
-dn: ou=groups,{{ re2o_ldap_replica.suffix }}
+dn: ou=groups,{{ re2o_ldap.suffix }}
 objectClass: organizationalUnit
 description: Groupes d'utilisateurs
 ou: groups
 structuralObjectClass: organizationalUnit
-dn: ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}
+dn: ou=services,ou=groups,{{ re2o_ldap.suffix }}
 objectClass: organizationalUnit
 description: Groupes de comptes techniques
 ou: services
 structuralObjectClass: organizationalUnit
-dn: ou=service-users,{{ re2o_ldap_replica.suffix }}
+dn: ou=service-users,{{ re2o_ldap.suffix }}
 objectClass: organizationalUnit
 description: Utilisateurs techniques de l'annuaire
 ou: service-users
 structuralObjectClass: organizationalUnit
-dn: cn=freeradius,ou=service-users,{{ re2o_ldap_replica.suffix }}
+dn: cn=freeradius,ou=service-users,{{ re2o_ldap.suffix }}
 objectClass: applicationProcess
 objectClass: simpleSecurityObject
 cn: freeradius
-userPassword: {{ re2o_ldap_replica.root_password_hash }}
+userPassword: {{ re2o_ldap.root_password_hash }}
 structuralObjectClass: applicationProcess
-dn: cn=nssauth,ou=service-users,{{ re2o_ldap_replica.suffix }}
+dn: cn=nssauth,ou=service-users,{{ re2o_ldap.suffix }}
 objectClass: applicationProcess
 objectClass: simpleSecurityObject
 cn: nssauth
 structuralObjectClass: applicationProcess
-userPassword: {{ re2o_ldap_replica.root_password_hash }}
+userPassword: {{ re2o_ldap.root_password_hash }}
-dn: cn=auth,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}
+dn: cn=auth,ou=services,ou=groups,{{ re2o_ldap.suffix }}
 objectClass: groupOfNames
 cn: auth
-member: cn=nssauth,ou=service-users,{{ re2o_ldap_replica.suffix }}
+member: cn=nssauth,ou=service-users,{{ re2o_ldap.suffix }}
 structuralObjectClass: groupOfNames
-dn: ou=posix,ou=groups,{{ re2o_ldap_replica.suffix }}
+dn: ou=posix,ou=groups,{{ re2o_ldap.suffix }}
 objectClass: organizationalUnit
 description: Groupes de comptes POSIX
 ou: posix
structuralObjectClass: organizationalUnit
-dn: cn=wifi,ou=service-users,{{ re2o_ldap_replica.suffix }}
+dn: cn=wifi,ou=service-users,{{ re2o_ldap.suffix }}
 objectClass: applicationProcess
 objectClass: simpleSecurityObject
 cn: wifi
 structuralObjectClass: applicationProcess
-userPassword: {{ re2o_ldap_replica.root_password_hash }}
+userPassword: {{ re2o_ldap.root_password_hash }}
-dn: cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}
+dn: cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap.suffix }}
 objectClass: groupOfNames
 cn: usermgmt
 structuralObjectClass: groupOfNames
-member: cn=wifi,ou=service-users,{{ re2o_ldap_replica.suffix }}
+member: cn=wifi,ou=service-users,{{ re2o_ldap.suffix }}
-dn: cn=replica,ou=service-users,{{ re2o_ldap_replica.suffix }}
+dn: cn=replica,ou=service-users,{{ re2o_ldap.suffix }}
 objectClass: applicationProcess
 objectClass: simpleSecurityObject
 cn: replica
 structuralObjectClass: applicationProcess
-userPassword: {{ re2o_ldap_replica.root_password_hash }}
+userPassword: {{ re2o_ldap.root_password_hash }}
-dn: cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}
+dn: cn=readonly,ou=services,ou=groups,{{ re2o_ldap.suffix }}
 objectClass: groupOfNames
 cn: readonly
 structuralObjectClass: groupOfNames
-member: cn=replica,ou=service-users,{{ re2o_ldap_replica.suffix }}
-member: cn=freeradius,ou=service-users,{{ re2o_ldap_replica.suffix }}
+member: cn=replica,ou=service-users,{{ re2o_ldap.suffix }}
+member: cn=freeradius,ou=service-users,{{ re2o_ldap.suffix }}
diff --git a/roles/re2o-ldap/templates/ldap/ldap.key.j2 b/roles/re2o-ldap/templates/ldap/ldap.key.j2
new file mode 100644
index 00000000..007496f0
--- /dev/null
+++ b/roles/re2o-ldap/templates/ldap/ldap.key.j2
@@ -0,0 +1 @@
+{{ re2o_ldap.private_key }}
diff --git a/roles/re2o-ldap/templates/ldap/ldap.pem.j2 b/roles/re2o-ldap/templates/ldap/ldap.pem.j2
new file mode 100644
index 00000000..853d78b6
--- /dev/null
+++ b/roles/re2o-ldap/templates/ldap/ldap.pem.j2
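Review bot: Every service account in this db.ldif.j2 hunk — freeradius, nssauth, wifi and replica — is created with `userPassword: {{ re2o_ldap.root_password_hash }}`, the same hash given to cn=admin a few entries earlier, and the rename carries that over unchanged. A leak of any one of those read-only service credentials (the RADIUS server's, the NSS client's, the wifi controller's) is then equivalent to a leak of the directory root password, which defeats the read/write split that the `readonly` and `usermgmt` groups in schema.ldif.j2 are meant to enforce. A per-service hash taken from the vault (for example a constructed `service_password_hashes.freeradius` variable) with the root hash reserved for cn=admin would restore that split. Separately, replication.ldif.j2 binds as `cn={{ re2o_ldap.replica.username }},{{ re2o_ldap.suffix }}` — cn=replicator directly under the suffix — whereas the account created here is `cn=replica,ou=service-users,…`; if the provider's tree mirrors this file that bind DN does not exist, so worth confirming against the provider.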
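Review bot: ldap.key.j2 renders the TLS private key from `re2o_ldap.private_key`, but nothing in this commit defines that key: the renamed group_vars file ends at `root_password_hash` and yson-partou's host_vars add only `replica`, so unless `private_key` and `certificate` come from a vars file outside this diff, the "Copy TLS certificate" loop will fail on an undefined variable. The copy task itself is outside the hunks shown; since this template's output is a private key it should be written with `mode: "0600"` and owned by the account slapd runs as (`openldap` on Debian, adjust if different), so the key is not readable by other local users on the replica. The same ownership consideration applies to ldap.pem.j2's `re2o_ldap.certificate`, though that file is not sensitive.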
@@ -0,0 +1 @@
+{{ re2o_ldap.certificate }}
diff --git a/roles/re2o-ldap-replica/templates/ldap/consumer_simple_sync.ldif.j2 b/roles/re2o-ldap/templates/ldap/replication.ldif.j2
similarity index 53%
rename from roles/re2o-ldap-replica/templates/ldap/consumer_simple_sync.ldif.j2
rename to roles/re2o-ldap/templates/ldap/replication.ldif.j2
index f15a81df..7065c260 100644
--- a/roles/re2o-ldap-replica/templates/ldap/consumer_simple_sync.ldif.j2
+++ b/roles/re2o-ldap/templates/ldap/replication.ldif.j2
@@ -4,11 +4,11 @@ dn: olcDatabase={1}hdb,cn=config
 changetype: modify
 add: olcSyncrepl
 olcSyncrepl: rid=1
- provider={{ re2o_ldap_replica.url }}
+ provider={{ re2o_ldap.url }}
 bindmethod=simple
- binddn="cn={{ re2o_ldap_replica.replicator.username }},{{ re2o_ldap_replica.suffix }}"
- credentials={{ re2o_ldap_replica.replicator.password }}
- searchbase="{{ re2o_ldap_replica.suffix }}"
+ binddn="cn={{ re2o_ldap.replica.username }},{{ re2o_ldap.suffix }}"
+ credentials={{ re2o_ldap.replica.password }}
+ searchbase="{{ re2o_ldap.suffix }}"
 scope=sub
 schemachecking=on
 type=refreshAndPersist
@@ -18,4 +18,4 @@ olcSyncrepl: rid=1
 tls_reqcert=allow
 -
 add: olcUpdateRef
-olcUpdateRef: {{ re2o_ldap_replica.url }}
+olcUpdateRef: {{ re2o_ldap.url }}
diff --git a/roles/re2o-ldap-replica/templates/ldap/schema.ldif.j2 b/roles/re2o-ldap/templates/ldap/schema.ldif.j2
similarity index 98%
rename from roles/re2o-ldap-replica/templates/ldap/schema.ldif.j2
rename to roles/re2o-ldap/templates/ldap/schema.ldif.j2
index 17437437..036ab3af 100644
--- a/roles/re2o-ldap-replica/templates/ldap/schema.ldif.j2
+++ b/roles/re2o-ldap/templates/ldap/schema.ldif.j2
@@ -14,6 +14,8 @@ olcSaslSecProps: none
 olcToolThreads: 1
 structuralObjectClass: olcGlobal
 contextCSN: 20160619215244.315124Z#000000#000#000000
+olcTLSCertificateFile: /etc/ldap/ldap.pem
+olcTLSCertificateKeyFile: /etc/ldap/ldap.key
 dn: cn=module{0},cn=config
 objectClass: olcModuleList
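Review bot: `tls_reqcert=allow`, the context line at the top of the second replication.ldif.j2 hunk, makes the consumer accept the provider's certificate even when it cannot be validated, so the simple-bind replicator password in `credentials=` is sent to whatever answers at `{{ re2o_ldap.url }}`, and an impostor provider could also push arbitrary directory content into the replica. Since the URL is already ldaps://, `tls_reqcert=demand` together with a `tls_cacert=` entry pointing at the CA that issued the provider's certificate is the safer setting. This is pre-existing in the renamed file, but the commit rewrites the lines around it and is a natural moment to change it.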
@@ -1021,7 +1023,7 @@ olcDatabase: {0}config
 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=extern
 al,cn=auth manage by * break
 olcRootDN: cn=config
-olcRootPW: {{ re2o_ldap_replica.root_password_hash }}
+olcRootPW: {{ re2o_ldap.root_password_hash }}
 structuralObjectClass: olcDatabaseConfig
 dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
@@ -1035,52 +1037,52 @@ objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap -olcSuffix: {{ re2o_ldap_replica.suffix }} +olcSuffix: {{ re2o_ldap.suffix }} olcAccess: {0}to attrs=userPassword,sambaNTPassword,mail by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write by self write by anonymous auth - by dn="cn=admin,{{ re2o_ldap_replica.suffix }}" write - by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read - by group="cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" write + by dn="cn=admin,{{ re2o_ldap.suffix }}" write + by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read + by group="cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap.suffix }}" write by * none olcAccess: {1}to attrs=shadowLastChange,gecos,loginShell by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write by self write by anonymous auth - by dn="cn=admin,{{ re2o_ldap_replica.suffix }}" write - by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read - by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read - by group="cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" write + by dn="cn=admin,{{ re2o_ldap.suffix }}" write + by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read + by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read + by group="cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap.suffix }}" write by * none olcAccess: {2}to dn.base="" by * read -olcAccess: {3}to dn.sub="ou=groups,{{ re2o_ldap_replica.suffix }}" +olcAccess: {3}to dn.sub="ou=groups,{{ re2o_ldap.suffix }}" by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write - by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read - by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read -olcAccess: {4}to 
dn.base="cn=Utilisateurs,{{ re2o_ldap_replica.suffix }}" + by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read + by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read +olcAccess: {4}to dn.base="cn=Utilisateurs,{{ re2o_ldap.suffix }}" by * read -olcAccess: {5}to dn.sub="cn=Utilisateurs,{{ re2o_ldap_replica.suffix }}" - by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read +olcAccess: {5}to dn.sub="cn=Utilisateurs,{{ re2o_ldap.suffix }}" + by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write by self read - by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read - by group="cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" write -olcAccess: {6}to dn.sub="ou=service-users,{{ re2o_ldap_replica.suffix }}" + by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read + by group="cn=usermgmt,ou=services,ou=groups,{{ re2o_ldap.suffix }}" write +olcAccess: {6}to dn.sub="ou=service-users,{{ re2o_ldap.suffix }}" by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write - by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read - by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read -olcAccess: {7}to dn.base="{{ re2o_ldap_replica.suffix }}" + by group="cn=auth,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read + by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap.suffix }}" read +olcAccess: {7}to dn.base="{{ re2o_ldap.suffix }}" by * read olcAccess: {8}to * by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write - by dn="cn=admin,{{ re2o_ldap_replica.suffix }}" write + by dn="cn=admin,{{ re2o_ldap.suffix }}" write by self read - by group="cn=readonly,ou=services,ou=groups,{{ re2o_ldap_replica.suffix }}" read + by group="cn=readonly,ou=services,ou=groups,{{ 
re2o_ldap.suffix }}" read olcLastMod: TRUE -olcRootDN: cn=admin,{{ re2o_ldap_replica.suffix }} -olcRootPW: {{ re2o_ldap_replica.root_password_hash }} +olcRootDN: cn=admin,{{ re2o_ldap.suffix }} +olcRootPW: {{ re2o_ldap.root_password_hash }} olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 olcDbConfig: {1}set_lk_max_objects 1500 -- GitLab
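Review bot: Every `by set="[cn=nounou,ou=posix,ou=groups,dc=crans,dc=org]/memberUid & user/uid" write` clause in this hunk (ACLs {0}, {1}, {3}, {5}, {6} and {8}) hard-codes `dc=crans,dc=org`, while the neighbouring `by dn=` and `by group=` clauses on the same rules are templated with `{{ re2o_ldap.suffix }}`. If `suffix` is ever set to anything else, the nounou group silently loses write access rather than failing loudly, which is hard to diagnose from the ACL output; `[cn=nounou,ou=posix,ou=groups,{{ re2o_ldap.suffix }}]` keeps the rules consistent. The olcDatabase={1}hdb entry these rules belong to continues past the end of the hunk.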