decoupled openvpn-ldap-auth package from additional packages. #247
Conversation
+ Added: Default cipher for server and client. BF-CBC isn't that strong now and OVPN complains about this on startup + Added: 'timeout' for DH generation. Higher key sizes mean more time processing. + Added: TLS ciphers added to help strengthen the server. ~ Changed: Key size now bumped up to 2048 which is now considered minimum key size requirement.
Added ldap_auth_plugin_location for Redhat/Centos 7
…definition to decouple it from additional packages.
| @@ -679,6 +679,9 @@ | |||
| } | |||
|
|
|||
| if $ldap_enabled == true { | |||
| package {$openvpn::params::ldap_auth_plugin_package: | |||
There was a problem hiding this comment.
can you add ldap_auth_plugin_package as additional param to the server class?
manifests/params.pp
Outdated
| $systemd = true | ||
| # Redhat/Centos == 6.0 | ||
| } elsif(versioncmp($::operatingsystemrelease, '6.0') >= 0) and $::operatingsystem != 'Amazon' { | ||
| $additional_packages = ['easy-rsa','openvpn-auth-ldap'] | ||
| $additional_packages = ['easy-rsa'] | ||
| $ldap_auth_plugin_package = ['openvpn-auth-ldap'] |
There was a problem hiding this comment.
Please also do this for the other OS-variants, for consistency.
manifests/params.pp
Outdated
| @@ -29,11 +29,13 @@ | |||
| # Redhat/Centos >= 7.0 | |||
| if(versioncmp($::operatingsystemrelease, '7.0') >= 0) and $::operatingsystem != 'Amazon' { | |||
| $additional_packages = ['easy-rsa'] | |||
| $ldap_auth_plugin_location = undef | |||
| $ldap_auth_plugin_package = ['openvpn-auth-ldap'] | |||
There was a problem hiding this comment.
does it need to be a an array or should we stick with a string? I think string is enough.
modulesync 1.4.1
release 5.0.0
modulesync 1.5.0
Turned up options for encryption
replace validate_* with datatypes in init.pp
release 6.0.0
fix linting, add credit, add tests fixes voxpupuli#231
add mock_with to .sync.yml and remove additional $LOAD from spec_helper
add openvpn::deploy::(export/client)
|
Hi @metallaw , can you please rebase? |
release 7.1.0
Added ldap_auth_plugin_location for Redhat/Centos 7
…definition to decouple it from additional packages.
# Conflicts: # manifests/server.pp
|
@metallaw the git history looks a bit broken. Can you rebase it again? If you need any assistance feel free to join our IRC channel #voxpupuli on freenode. |
This change ensures that by setting cipher and tls_cipher to blank strings, they are consistently kept out of the configuration files - as opposed to invalid configuration being generated where the config keyword is generated with a blank argument.
|
Rebased - But CI build fails since it expects the package openvpn-ldap-plugin to be installed on Debian |
|
I need this PR to use LDAP on CentOS 7 because in v7.2.0 of this module |
|
Hi people. this branch looks pretty broken and inactive. I'm going to close it due to inactivity. Please reopen or resubmit it if you're still interested. |
No description provided.