Location: majic-ansible-roles/testsite/group_vars/ldap.yml - annotation

branko
MAR-9: Created small utility playbook in testsite for generating the necessary TLS keys and certificates. Updated testsite configuration to be slightly different (no need for separate chain file I think).
---

# Local mail aliases for the LDAP host: mail for root stays in the local
# root mailbox and is also forwarded to the test user's address.
local_mail_aliases:
  root: 'root john.doe@{{ testsite_domain }}'

# Outbound relay for mail leaving this host. The truststore is presumably the
# CA bundle used to validate the relay's TLS certificate; it is the same file
# the LDAP client is pointed at (TLS_CACERT) - confirm against the mail role.
smtp_relay_host: 'mail.{{ testsite_domain }}'
smtp_relay_truststore: '/etc/ssl/certs/ca.pem'

# Options for the system-wide LDAP client configuration (ldap.conf style).
# Each item carries the option name, its value and a `comment` string; the
# comment text is presumably emitted verbatim into the generated file, so it
# is kept as-is here.
ldap_client_config:
  - option: BASE
    value: '{{ testsite_ldap_base }}'
    comment: Set the base DN
  # Local Unix-socket transport; no network exposure for the default client URI.
  - option: URI
    value: 'ldapi:///'
    comment: Set the default URI
  - option: BINDDN
    value: 'cn=admin,{{ testsite_ldap_base }}'
    comment: Set the default bind DN
  # CA bundle used to validate the server certificate when TLS is negotiated.
  - option: TLS_CACERT
    value: '/etc/ssl/certs/ca.pem'
    comment: Set the LDAP TLS truststore

# slapd settings consumed by the LDAP server role.
ldap_server_config:
  domain: '{{ testsite_domain }}'
  organization: 'Example Inc.'
  # Numeric slapd loglevel; 256 is OpenLDAP's "stats" level (connection,
  # operation and result logging).
  log_level: 256
  # Server certificate and key kept next to the inventory; per the commit
  # message they are produced by the testsite TLS utility playbook.
  tls_certificate: '{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.pem'
  tls_key: '{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.key'
  # Minimum security strength factor - presumably rendered into olcSecurity,
  # in which case 128 rejects operations over plain, unencrypted TCP while
  # allowing TLS and ldapi. Confirm the mapping in the role.
  ssf: 128

# Access control rules for the database whose suffix is the test base DN.
# Every rule is a folded (`>`) scalar, so the multi-line text below becomes a
# single olcAccess value (with one trailing newline); rule order matters.
ldap_permissions:
  - filter: "(olcSuffix={{ testsite_ldap_base }})"
    rules:
      # Local root (ldapi peer credentials) and the admin DN get full control
      # over everything; any other identity falls through to the later rules.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,{{ testsite_ldap_base }}" manage
        by * break
      # Password attributes: the owner may change them, anonymous may only
      # bind against them, and nobody else can read them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # The root DSE stays world-readable so clients can discover the server.
      - >
        to dn.base=""
        by * read
      # Everything else: entries are self-writable, admin-writable, readable
      # by any authenticated user and invisible to anonymous binds.
      - >
        to *
        by self write
        by dn="cn=admin,{{ testsite_ldap_base }}" write
        by users read
        by * none

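# Directory content created by the LDAP server role. Entries are listed with
# parents before children; each dn appears exactly once.
ldap_entries:
  # Extra schema for mail routing: the attributes and object classes below
  # (inetLocalMailRecipient, nisMailAlias) are what the aliases further down
  # rely on.
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"
  # Top-level containers.
  - dn: ou=people,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: services
  # Test-site user fixtures. The userPassword values are plaintext, equal to
  # the uid, and committed with this file; they are stored as given here
  # unless the role hashes them (confirm), and are meaningful only for the
  # disposable test site.
  - dn: uid=johndoe,ou=people,{{ testsite_ldap_base }}
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@{{ testsite_domain }}
  - dn: uid=janedoe,ou=people,{{ testsite_ldap_base }}
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@{{ testsite_domain }}
  # Service bind account and access group for the XMPP server; the same
  # plaintext test-credential caveat as above applies.
  - dn: cn=xmpp,ou=services,{{ testsite_ldap_base }}
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,{{ testsite_ldap_base }}
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,{{ testsite_ldap_base }}
      - uid=janedoe,ou=people,{{ testsite_ldap_base }}
  # Service bind accounts and access group for the mail stack.
  - dn: cn=postfix,ou=services,{{ testsite_ldap_base }}
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,{{ testsite_ldap_base }}
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,{{ testsite_ldap_base }}
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,{{ testsite_ldap_base }}
      - uid=janedoe,ou=people,{{ testsite_ldap_base }}
  # Mail routing tree: hosted domains and aliases.
  - dn: ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: aliases
  - dn: dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: dNSDomain
    dc: "{{ testsite_domain }}"
  - dn: dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: dNSDomain
    dc: "{{ testsite_domain_alternative }}"
  # postmaster@ for the primary domain is delivered to the john.doe mailbox.
  - dn: cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: nisMailAlias
    cn: postmaster@{{ testsite_domain }}
    rfc822MailMember: john.doe@{{ testsite_domain }}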