
branko
MAR-1: Load the memberof module, and enable the memberof overlay on top of default database.
---

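- name: Set domain for slapd
  # Pre-seed the debconf answer before slapd is installed (see the install task
  # below) so the package picks it up instead of prompting.
  debconf:
    name: slapd
    question: slapd/domain
    vtype: string
    value: "{{ ldap_server_config.domain }}"

- name: Set organisation for slapd
  debconf:
    name: slapd
    question: slapd/organization
    vtype: string
    value: "{{ ldap_server_config.organization }}"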

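- name: Install slapd
  apt:
    name: slapd
    state: present  # `installed` is a deprecated alias of `present`

- name: Install Python LDAP bindings
  # presumably needed by the ldap_entry / ldap_permissions modules used below — confirm
  apt:
    name: python-ldap
    state: present

- name: Enable slapd service
  service:
    name: slapd
    enabled: true
    state: started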

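- name: Deploy system logger configuration file for slapd
  copy:
    src: slapd_rsyslog.conf
    dest: /etc/rsyslog.d/slapd.conf
    owner: root
    group: root
    mode: "0644"  # quoted so the octal literal is not read as an integer
  notify:
    - Restart rsyslog

- name: Deploy configuration file for log rotation of slapd logs
  copy:
    src: slapd_logrotate
    dest: /etc/logrotate.d/slapd
    owner: root
    group: root
    mode: "0644"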

- name: Change log level for slapd
  # Replaces olcLogLevel on the cn=config entry with the role-configured value.
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcLogLevel: '{{ ldap_server_config.log_level }}'

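- name: Check if TLS private key is available
  stat:
    path: "{{ ldap_server_config.tls_key }}"
  register: tls_key

- name: Check if TLS certificate is available
  # Must stat the certificate path, not the key path; otherwise the TLS task
  # below can be applied with a certificate file that does not exist.
  stat:
    path: "{{ ldap_server_config.tls_certificate }}"
  register: tls_certificate

- name: Configure TLS for slapd
  # Applied only when both files exist; if either is missing the task is
  # skipped and the TLS attributes are left unset, so check the play output.
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcTLSCertificateFile: "{{ ldap_server_config.tls_certificate }}"
    olcTLSCertificateKeyFile: "{{ ldap_server_config.tls_key }}"
  when: tls_key.stat.exists and tls_certificate.stat.exists
  notify:
    - Restart slapd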

- name: Configure SSF
  # Sets the security strength factor on cn=config for remote (olcSecurity)
  # and local (olcLocalSSF) connections from ldap_server_config.ssf.
  # NOTE(review): olcSecurity is written as ssf="..." inside a key=value
  # string; confirm the quotes are stripped before the value reaches slapd.
  ldap_entry: dn=cn=config state=replaceattributes olcSecurity=ssf="{{ ldap_server_config.ssf }}" olcLocalSSF="{{ ldap_server_config.ssf }}"

- name: Enable the memberof module
  # Adds a second olcModuleLoad value ({1}) to the cn=module{0} entry in cn=config.
  ldap_entry:
    dn: 'cn=module{0},cn=config'
    state: addattributes
    olcModuleLoad: '{1}memberof'

- name: Enable the memberof overlay for database
  # Creates the memberof overlay entry beneath the {1}hdb database in cn=config.
  ldap_entry:
    dn: 'olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config'
    olcOverlay: memberof
    objectClass:
      - olcConfig
      - olcMemberOf
      - olcOverlayConfig

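- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  # Bare variable names in with_items are deprecated; template them explicitly.
  with_items: "{{ ldap_permissions }}"

- name: Create LDAP entries
  # Each item is passed whole as the module's argument dict.
  ldap_entry: ""
  args: "{{ item }}"
  with_items: "{{ ldap_entries }}"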