From 64f011951422f37425344fffde1bfee72cceacfb Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Thu, 24 Jan 2019 13:35:21 +0100
Subject: [PATCH] slapd: listen on localhost only

---
 modules/roles/files/sso/default-slapd | 2 +-
 modules/roles/manifests/sso.pp        | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/roles/files/sso/default-slapd b/modules/roles/files/sso/default-slapd
index 372b8f4ab..d629e8279 100644
--- a/modules/roles/files/sso/default-slapd
+++ b/modules/roles/files/sso/default-slapd
@@ -21,7 +21,7 @@ SLAPD_PIDFILE=
 # sockets.
 # Example usage:
 # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
-SLAPD_SERVICES="ldap:/// ldapi:///"
+SLAPD_SERVICES="ldap://127.0.0.1:389/ ldapi:///"
 
 # If SLAPD_NO_START is set, the init script will not start or restart
 # slapd (but stop will still work).  Uncomment this if you are
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 04a7e9cbf..bf0e2c1d3 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -21,6 +21,10 @@ class roles::sso {
 		source => 'puppet:///modules/roles/sso/slapd.conf',
 		notify  => Service['slapd'],
 	}
+	file { '/etc/default/slapd':
+		source => 'puppet:///modules/roles/sso/default-slapd',
+		notify  => Service['slapd'],
+	}
 
 
 	ssl::service { 'ftmg.sso.debian.org':
-- 
2.20.1