decoupled openvpn-ldap-auth package from additional packages. #247
+ Added: Default cipher for server and client. BF-CBC isn't that strong now and OVPN complains about this on startup + Added: 'timeout' for DH generation. Higher key sizes mean more time processing. + Added: TLS ciphers added to help strengthen the server. ~ Changed: Key size now bumped up to 2048 which is now considered minimum key size requirement.
Added ldap_auth_plugin_location for Redhat/Centos 7
…definition to decouple it from additional packages.
@@ -679,6 +679,9 @@ | |||
} | |||
|
|||
if $ldap_enabled == true { | |||
package {$openvpn::params::ldap_auth_plugin_package: |
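Review bot: the package title on the last line, `$openvpn::params::ldap_auth_plugin_package`, is taken straight from params, so on any platform branch of params.pp that does not define it the resource has no usable title and compilation breaks as soon as `$ldap_enabled` is true. Define the variable on every OS branch, or guard the resource with a check that the value is set and fail with a clear message when it is not. If `$ldap_enabled` is typed as a Boolean, `if $ldap_enabled {` is enough and the `== true` comparison can go.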
can you add ldap_auth_plugin_package as additional param to the server class?
Hi, yeah sure. Thanks!
manifests/params.pp
Outdated
$systemd = true | ||
# Redhat/Centos == 6.0 | ||
} elsif(versioncmp($::operatingsystemrelease, '6.0') >= 0) and $::operatingsystem != 'Amazon' { | ||
$additional_packages = ['easy-rsa','openvpn-auth-ldap'] | ||
$additional_packages = ['easy-rsa'] | ||
$ldap_auth_plugin_package = ['openvpn-auth-ldap'] |
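Review bot: taking `openvpn-auth-ldap` out of `$additional_packages` on this branch changes what gets installed by default and is not documented anywhere in the hunk: the plugin now depends on the separate `$ldap_auth_plugin_package` resource instead of coming in with `easy-rsa`. Please note that in the README or changelog so users who relied on the old default know to enable LDAP explicitly. Separately, the context comment `# Redhat/Centos == 6.0` does not match the `versioncmp(...) >= 0` test under it and could be corrected to `>= 6.0` while this block is being touched.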
Please also do this for the other OS-variants, for consistency.
manifests/params.pp
Outdated
@@ -29,11 +29,13 @@ | |||
# Redhat/Centos >= 7.0 | |||
if(versioncmp($::operatingsystemrelease, '7.0') >= 0) and $::operatingsystem != 'Amazon' { | |||
$additional_packages = ['easy-rsa'] | |||
$ldap_auth_plugin_location = undef | |||
$ldap_auth_plugin_package = ['openvpn-auth-ldap'] |
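Review bot: `$ldap_auth_plugin_location = undef` sits directly above a defined `$ldap_auth_plugin_package` on the Redhat/Centos >= 7.0 branch, so the package can be installed while the server configuration has no plugin path to load it from. If the location is meant to stay undef here, the code that renders the plugin line needs to handle that case explicitly; otherwise set it to the path the package installs the plugin to, which also matches the commit title about adding the location for Redhat/Centos 7.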
Does it need to be an array or should we stick with a string? I think string is enough.
modulesync 1.4.1
release 5.0.0
modulesync 1.5.0
Turned up options for encryption
replace validate_* with datatypes in init.pp
release 6.0.0
fix linting, add credit, add tests fixes voxpupuli#231
add mock_with to .sync.yml and remove additional $LOAD from spec_helper
add openvpn::deploy::(export/client)
Hi @metallaw, can you please rebase?
release 7.1.0
Added ldap_auth_plugin_location for Redhat/Centos 7
…definition to decouple it from additional packages.
# Conflicts: # manifests/server.pp
@metallaw the git history looks a bit broken. Can you rebase it again? If you need any assistance feel free to join our IRC channel #voxpupuli on freenode.
This change ensures that by setting cipher and tls_cipher to blank strings, they are consistently kept out of the configuration files - as opposed to invalid configuration being generated where the config keyword is generated with a blank argument.
Rebased - But CI build fails since it expects the package openvpn-ldap-plugin to be installed on Debian
I need this PR to use LDAP on CentOS 7 because in v7.2.0 of this module
Hi people. This branch looks pretty broken and inactive. I'm going to close it due to inactivity. Please reopen or resubmit it if you're still interested.