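---
# Group variables for the "ldap" hosts of the testsite inventory: local mail
# aliases, SMTP relay settings, LDAP client/server configuration, slapd access
# rules and the seed entries loaded into the directory. Everything here is an
# example.com test fixture.

local_mail_aliases:
  root: "root john.doe@example.com"

smtp_relay_host: mail.example.com
# CA chain used to validate the relay's TLS certificate.
smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem

# System-wide LDAP client defaults (ldap.conf-style option/value pairs, each
# with the comment that is written above it).
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: dc=example,dc=com
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,dc=example,dc=com
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/example_ca_chain.pem

ldap_server_config:
  domain: "example.com"
  organization: "Example Inc."
  log_level: 256
  # Server certificate and private key are taken from the inventory's tls/
  # directory; the key file must not be world-readable on the control host.
  tls_certificate: "{{ inventory_dir }}/tls/ldap.example.com_ldap.pem"
  tls_key: "{{ inventory_dir }}/tls/ldap.example.com_ldap.key"
  # Security strength factor the server requires from clients (presumably
  # OpenLDAP's ssf; confirm how the role applies it).
  ssf: 128

# slapd access rules for the database whose olcSuffix matches the filter.
# Rules are evaluated in order; "by * break" falls through to the next rule.
ldap_permissions:
  - filter: '(olcSuffix=dc=example,dc=com)'
    rules:
      # Local root (ldapi peer credentials) and the admin DN get full control
      # of everything; everyone else continues to the rules below.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,dc=example,dc=com" manage
        by * break
      # Password attributes: the entry itself may change them, anyone may bind
      # with them, nobody may read them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # Root DSE is readable by everyone.
      - >
        to dn.base=""
        by * read
      # Everything else. NOTE(review): "by self write" lets a bound entry
      # rewrite any of its own remaining attributes (e.g. mail, objectClass);
      # narrow it to specific attrs if that is not intended.
      - >
        to *
        by self write
        by dn="cn=admin,dc=example,dc=com" write
        by users read
        by * none

# Seed entries, applied in order. The first entry adds the "{4}misc" schema
# (mail routing attribute types and object classes) under cn=config; the
# remaining entries populate the DIT.
ldap_entries:
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"
  # Top-level organisational units.
  - dn: ou=people,dc=example,dc=com
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,dc=example,dc=com
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: services
  # Test user accounts. The userPassword values are fixed plaintext fixtures
  # for the testsite; production inventories should not carry credentials in
  # plain group_vars (use ansible-vault or an external secret source).
  - dn: uid=johndoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@example.com
  - dn: uid=janedoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@example.com
  # Service bind accounts (one per consumer) and the groups that gate access
  # to each service.
  - dn: cn=xmpp,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com
  - dn: cn=postfix,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com
  # Mail subtree: virtual domains and aliases. Each ou is listed exactly once.
  - dn: ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: aliases
  - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.com
  - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.org
  - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: nisMailAlias
    cn: postmaster@example.com
    rfc822MailMember: john.doe@example.com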