mirror of
https://github.com/FAUSheppy/no-secrets-athq-ansible
synced 2025-12-10 08:48:33 +01:00
feat: slapd group & systemd
This commit is contained in:
29
roles/usermanagement/templates/slapd-custom.service
Normal file
29
roles/usermanagement/templates/slapd-custom.service
Normal file
@@ -0,0 +1,29 @@
|
||||
[Unit]
|
||||
Description=Slapd Custom Service
|
||||
|
||||
[Service]
|
||||
|
||||
Type=forking
|
||||
ExecStart=/usr/sbin/slapd -f /etc/ldap/slapd.conf -h "ldapi:/// ldap:///"
|
||||
|
||||
User=openldap
|
||||
Group=openldap
|
||||
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
Restart=on-failure
|
||||
|
||||
PrivateTmp=yes
|
||||
ProtectSystem=full
|
||||
ProtectHome=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
ProtectControlGroups=yes
|
||||
NoNewPrivileges=yes
|
||||
MountFlags=private
|
||||
SystemCallArchitectures=native
|
||||
PrivateDevices=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user