From: Peter Palfrader <peter@palfrader.org>
Date: Thu, 24 Jan 2019 12:35:21 +0000 (+0100)
Subject: slapd: listen on localhost only
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=64f011951422f37425344fffde1bfee72cceacfb;p=mirror%2Fdsa-puppet.git

slapd: listen on localhost only
---

diff --git a/modules/roles/files/sso/default-slapd b/modules/roles/files/sso/default-slapd
index 372b8f4ab..d629e8279 100644
--- a/modules/roles/files/sso/default-slapd
+++ b/modules/roles/files/sso/default-slapd
@@ -21,7 +21,7 @@ SLAPD_PIDFILE=
 # sockets.
 # Example usage:
 # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
-SLAPD_SERVICES="ldap:/// ldapi:///"
+SLAPD_SERVICES="ldap://127.0.0.1:389/ ldapi:///"
 
 # If SLAPD_NO_START is set, the init script will not start or restart
 # slapd (but stop will still work).  Uncomment this if you are
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 04a7e9cbf..bf0e2c1d3 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -21,6 +21,10 @@ class roles::sso {
 		source => 'puppet:///modules/roles/sso/slapd.conf',
 		notify  => Service['slapd'],
 	}
+	file { '/etc/default/slapd':
+		source => 'puppet:///modules/roles/sso/default-slapd',
+		notify  => Service['slapd'],
+	}
 
 
 	ssl::service { 'ftmg.sso.debian.org':