branko
MAR-4: Updated documentation for the mail server role, adding information about rsync installation, set-up of chroot for Postfix, and the smtp_allow_relay_from option. Updated mail_server role implementation, fixing rsync command for deploying the truststore to preserve truststore permissions and adding support for specifying networks from which unauthenticated relaying should be allowed.
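---
# Test-site group variables for the LDAP client and server roles.
# Every credential in this file (bind DN, userPassword values) is a fixture
# for the test site; an inventory for a real deployment should keep such
# values in Ansible Vault rather than in plain group_vars.

# Options written to the client ldap.conf, one entry per option.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: dc=example,dc=com
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,dc=example,dc=com
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/truststore.pem

# Server-side slapd settings.
ldap_server_config:
  domain: "example.com"
  organization: "Example Inc."
  # slapd log level; 256 is the "stats" level (connection/operation logging).
  log_level: 256
  tls_certificate: /etc/ssl/certs/ldap.example.com.pem
  tls_key: /etc/ssl/private/ldap.example.com.pem
  # Minimum security strength factor — presumably applied as olcSecurity
  # ssf=128 so operations require an encrypted session; verify against
  # the role's template.
  ssf: 128

# olcAccess rules for the database matched by `filter`, evaluated in order.
ldap_permissions:
  - filter: '(olcSuffix=dc=example,dc=com)'
    rules:
      # Full control for local root (peercred over ldapi) and the admin DN;
      # every other identity falls through to the rules below.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,dc=example,dc=com" manage
        by * break
      # Password attributes: the owner may change them, anonymous may only
      # bind against them, nobody else can read them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # The root DSE is readable by anyone (needed for client discovery).
      - >
        to dn.base=""
        by * read
      # Default rule: owners edit their own entry, admin edits everything,
      # any authenticated DN (including the service accounts defined below)
      # may read the whole tree, anonymous gets nothing.
      - >
        to *
        by self write
        by dn="cn=admin,dc=example,dc=com" write
        by users read
        by * none

# Entries created on the server, in order (parents before children).
ldap_entries:
  # Mail-related schema (inetLocalMailRecipient / nisMailAlias). The {4}
  # index assumes four schema entries already exist under cn=schema —
  # verify against the base slapd installation.
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"

  # Top-level containers.
  - dn: ou=people,dc=example,dc=com
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,dc=example,dc=com
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: services

  # Test users; userPassword values are cleartext fixtures.
  - dn: uid=johndoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@example.com
  - dn: uid=janedoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@example.com

  # XMPP service account and the group of users allowed to use it.
  - dn: cn=xmpp,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com

  # Mail service accounts (Postfix, Dovecot) and the mail users group.
  - dn: cn=postfix,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com

  # Mail tree: hosted domains and aliases. Each container is listed once;
  # the earlier version of this file declared ou=domains twice.
  - dn: ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: aliases
  - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.com
  - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.org
  - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: nisMailAlias
    cn: postmaster@example.com
    rfc822MailMember: john.doe@example.com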