Location: majic-ansible-roles/testsite/group_vars/ldap.yml - annotation
MAR-125: Eliminated a couple of warnings:
- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
---
# Test-site variables applied to the hosts of the "ldap" inventory group.

# The root alias lists the local root account and john.doe at the test-site
# domain.
local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

# Outgoing mail is relayed through the mail host of the test-site domain.
smtp_relay_host: "mail.{{ testsite_domain }}"

# CA certificate read on the Ansible controller from the inventory's tls/
# directory. Presumably the relay's TLS certificate is validated against it;
# confirm in the role that consumes this variable.
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
# LDAP client options, one list item per option (comment / option / value).
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # ldapi:/// is LDAP over a local Unix-domain socket, so the default URI does
  # not cross the network.
  - comment: Set the default URI
    option: URI
    value: 'ldapi:///'
  # Client tools on these hosts default to binding as the directory admin.
  - comment: Set the default bind DN
    option: BINDDN
    value: "cn=admin,{{ testsite_ldap_base }}"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: '/etc/ssl/certs/ca.pem'
  # "demand" makes the client abort when the server certificate is missing or
  # cannot be validated against TLS_CACERT. It governs certificate checking
  # only; it does not by itself force a connection to use TLS.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: 'demand'
# Test-only credentials: the admin password and the consumer passwords below
# equal the account names and sit in cleartext in a committed vars file.
# Outside the test site, supply them from Ansible Vault or another secret
# store instead of copying this file.
ldap_admin_password: 'admin'

# Accounts for the services that use the directory (presumably the DNs that
# prosody, postfix and dovecot bind with; confirm in the ldap_server role).
ldap_server_consumers:
  - name: prosody
    password: 'prosody'
  - name: postfix
    password: 'postfix'
  - name: dovecot
    password: 'dovecot'
  # Marked absent; the password looks like a placeholder for an entry that is
  # to be removed.
  - name: bollocks
    password: 'none'
    state: absent
# Directory identity.
ldap_server_domain: "{{ testsite_domain }}"
ldap_server_organization: 'Example Inc.'

# Groups to manage; "blimey" is marked absent.
ldap_server_groups:
  - name: xmpp
  - name: mail
  - name: blimey
    state: absent

# 256 is slapd's "stats" log level (connections, operations, results),
# assuming the role passes this value through as the server log level.
ldap_server_log_level: 256

# Server certificate and private key, read on the Ansible controller from the
# inventory's tls/ directory.
# NOTE(review): the key is looked up as a plain file; outside the test site
# keep it out of version control or vault-encrypt it.
ldap_server_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.key') }}"

# Presumably the minimum security strength factor the server requires from
# connections; confirm against the ldap_server role before lowering it.
ldap_server_ssf: 128
# Access rules for the directory, in evaluation order. Each item is one
# slapd-style "to <what> by <who> <access>" rule; order matters because the
# first matching "by" clause decides unless it ends in "break".
ldap_permissions:
  # Rule 1: local root over ldapi (SASL EXTERNAL peer credentials) and the
  # admin DN get "manage" on everything. "by * break" sends everyone else on
  # to the rules below instead of denying them here.
  - >-
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ testsite_ldap_base }}" manage
    by * break
  # Rule 2: password attributes. The entry owner may change them, anonymous
  # clients may only use them to authenticate, and nobody else (including the
  # service accounts) gets any access to the stored values.
  - >-
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  # Rule 3: the root DSE (empty base DN) is readable by anyone.
  - >-
    to dn.base=""
    by * read
  # Rule 4: everything else. Authenticated users may read, unauthenticated
  # clients get nothing.
  # NOTE(review): "by self write" here lets every account modify all of its
  # own non-password attributes; narrow it if any of those attributes feed
  # authorization decisions in the consuming services.
  # NOTE(review): the admin clause looks redundant, since rule 1 already
  # grants the admin DN "manage" on everything.
  - >-
    to *
    by self write
    by dn="cn=admin,{{ testsite_ldap_base }}" write
    by users read
    by * none
# Directory entries created for the test site.
ldap_entries:
  # Test users. The userPassword values equal the uid and are written here in
  # cleartext; whether they are hashed before being stored is not visible in
  # this file, so treat them as test-only and confirm in the module that
  # creates the entries.
  - dn: "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: johndoe
      cn: John Doe
      sn: Doe
      userPassword: 'johndoe'
      mail: "john.doe@{{ testsite_domain }}"
  - dn: "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: janedoe
      cn: Jane Doe
      sn: Doe
      userPassword: 'janedoe'
      mail: "jane.doe@{{ testsite_domain }}"

  # Group membership. "state: append" presumably adds the listed members to
  # an existing group entry rather than replacing it; confirm in the module.
  - dn: "cn=mail,ou=groups,{{ testsite_ldap_base }}"
    state: append
    attributes:
      uniqueMember:
        - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
        - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
  - dn: "cn=xmpp,ou=groups,{{ testsite_ldap_base }}"
    state: append
    attributes:
      uniqueMember:
        - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
        - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"

  # Mail domains under ou=domains,ou=mail,ou=services.
  - dn: "dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain_alternative }}"

  # Mail alias: postmaster at the test-site domain is delivered to john.doe.
  - dn: "cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: nisMailAlias
      cn: "postmaster@{{ testsite_domain }}"
      rfc822MailMember: "john.doe@{{ testsite_domain }}"