MAR-14: Moved the support and license sections out of index page, and onto the about page.
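---
# Seed the debconf answer that slapd's package configuration reads; this and
# the next task must run before the "Install slapd" task below.
- name: Set domain for slapd
  debconf:
    name: slapd
    question: slapd/domain
    vtype: string
    value: "{{ ldap_server_config.domain }}"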
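# Second debconf answer for the slapd package; seeded before installation.
- name: Set organisation for slapd
  debconf:
    name: slapd
    question: slapd/organization
    vtype: string
    value: "{{ ldap_server_config.organization }}"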
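- name: Install slapd
  apt:
    name: slapd
    # "present" is the current spelling of the deprecated "installed" alias.
    state: present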
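# ssl-cert membership only lets the slapd user traverse the directory that
# holds the TLS private key deployed further down; the key file itself is
# made readable through its own group (openldap), not through ssl-cert.
- name: Allow OpenLDAP user to traverse the directory with TLS private keys
  user:
    name: openldap
    groups: ssl-cert
    append: true
  # Consumed by the conditional restart that follows.
  register: openldap_in_ssl_cert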
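- name: Restart slapd if group membership has changed
  service:
    name: slapd
    state: restarted
  # A running process keeps its old supplementary groups; restart right away
  # so the new membership is in effect before TLS is configured below.
  when: openldap_in_ssl_cert.changed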
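# Presumably required by the ldap_entry / ldap_permissions modules used
# below — confirm against the role's library directory.
- name: Install Python LDAP bindings
  apt:
    name: python-ldap
    # "present" is the current spelling of the deprecated "installed" alias.
    state: present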
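- name: Enable slapd service
  service:
    name: slapd
    # Real booleans instead of "yes", which YAML 1.1 and 1.2 parsers disagree on.
    enabled: true
    state: started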
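- name: Deploy system logger configuration file for slapd
  copy:
    src: slapd_rsyslog.conf
    dest: /etc/rsyslog.d/slapd.conf
    owner: root
    group: root
    # Quoted so YAML keeps the leading zero (octal) instead of parsing an int.
    mode: "0644"
  notify:
  - Restart rsyslog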
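- name: Deploy configuration file for log rotation of slapd logs
  copy:
    src: slapd_logrotate
    dest: /etc/logrotate.d/slapd
    owner: root
    group: root
    # Quoted so YAML keeps the leading zero (octal) instead of parsing an int.
    mode: "0644"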
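# Same attribute-as-key form the memberof overlay task below already uses.
- name: Change log level for slapd
  ldap_entry:
    dn: "cn=config"
    state: replaceattributes
    olcLogLevel: "{{ ldap_server_config.log_level }}"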
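- name: Deploy LDAP TLS private key
  copy:
    src: "{{ ldap_server_config.tls_key }}"
    dest: "/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}"
    owner: root
    # root:openldap with 0640 keeps the key readable by root and the slapd
    # user only; the mode is quoted so the octal value survives YAML parsing.
    group: openldap
    mode: "0640"
  notify:
  - Restart slapd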
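- name: Deploy LDAP TLS certificate
  copy:
    src: "{{ ldap_server_config.tls_certificate }}"
    dest: "/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}"
    owner: root
    group: root
    # The certificate is public; quoted mode keeps the leading zero.
    mode: "0644"
  notify:
  - Restart slapd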
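# Paths must match the dest values of the two copy tasks above.
- name: Configure TLS for slapd
  ldap_entry:
    dn: "cn=config"
    state: replaceattributes
    olcTLSCertificateFile: "/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}"
    olcTLSCertificateKeyFile: "/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}"
  # NOTE(review): only certificate and key are set here; confirm the
  # certificate file also carries any intermediate chain clients need.
  notify:
  - Restart slapd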
# olcSecurity ssf=N makes slapd reject operations below security strength N;
# olcLocalSSF is the strength slapd assigns to local (ldapi://) sessions.
# NOTE(review): the nested quoting in olcSecurity=ssf="..." depends on how
# Ansible's key=value parser splits the token; the block form
# olcSecurity: "ssf={{ ldap_server_config.ssf }}" states the intent without
# that ambiguity — verify against the ldap_entry module before switching.
- name: Configure SSF
  ldap_entry: dn=cn=config state=replaceattributes olcSecurity=ssf="{{ ldap_server_config.ssf }}" olcLocalSSF="{{ ldap_server_config.ssf }}"
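- name: Enable the memberof module
  ldap_entry:
    # Quoted: a value containing "{" is otherwise at risk of a flow-mapping parse.
    dn: "cn=module{0},cn=config"
    state: addattributes
    # The hard-coded {1} ordering index presumes exactly one olcModuleLoad
    # value already exists in cn=module{0} — verify on the target.
    olcModuleLoad: "{1}memberof"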
# Unlike the sibling ldap_entry tasks no state is given, so the module's
# default applies — presumably ensure-present; verify in the module source.
- name: Enable the memberof overlay for database
  ldap_entry:
    dn: "olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config"
    olcOverlay: memberof
    # Keep memberOf values consistent on delete/modify and track
    # groupOfUniqueNames/uniqueMember as the group/member pair.
    olcMemberOfRefInt: "TRUE"
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember
    objectClass:
    - olcConfig
    - olcMemberOf
    - olcOverlayConfig
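- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  # Bare variable names in with_items are deprecated; template explicitly.
  with_items: "{{ ldap_permissions }}"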
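- name: Create LDAP entries
  # Each item is a whole argument mapping for ldap_entry (presumably the same
  # dn/state/attribute keys the tasks above use) and is passed via args:, so
  # the module line itself carries no inline arguments.
  ldap_entry: ""
  args: "{{ item }}"
  # Bare variable names in with_items are deprecated; template explicitly.
  with_items: "{{ ldap_entries }}"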
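- name: Deploy firewall configuration for LDAP
  copy:
    src: ferm_ldap.conf
    dest: /etc/ferm/conf.d/10-ldap.conf
    owner: root
    group: root
    # root-only write, no world read; quoted so the octal mode survives parsing.
    mode: "0640"
  notify:
  - Restart ferm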