MAR-10: Updated server roles to deploy private key and certificate. Updated documentation and test site configuration as well.
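---
# Tasks for the ldap_server role: install slapd, wire up TLS, logging, the
# memberof overlay, access rules and the initial directory content.
#
# Task order matters:
#   * the debconf answers must be in place before the slapd package is
#     installed, otherwise the package configures its own domain/organisation;
#   * the slapd package creates the openldap user/group, so any file owned by
#     that group (the TLS private key below) can only be deployed after the
#     install task has run.

- name: Set domain for slapd
  debconf:
    name: slapd
    question: slapd/domain
    vtype: string
    value: "{{ ldap_server_config.domain }}"

- name: Set organisation for slapd
  debconf:
    name: slapd
    question: slapd/organization
    vtype: string
    value: "{{ ldap_server_config.organization }}"

- name: Install slapd
  apt:
    name: slapd
    state: present

- name: Install Python LDAP bindings
  apt:
    name: python-ldap
    state: present

- name: Enable slapd service
  service:
    name: slapd
    enabled: true
    state: started

# The private key is readable only by root and the slapd process (group
# openldap) and is kept out of the world-readable /etc/ssl/certs.
# no_log keeps the key material out of --diff output and task logs (it also
# censors the error message if this task fails, so debug with it removed).
# NOTE(review): on Debian /etc/ssl/private is 0710 root:ssl-cert, so the
# openldap user must be able to traverse that directory (e.g. via ssl-cert
# group membership) — confirm on the target before relying on this.
- name: Deploy LDAP TLS private key
  copy:
    src: "{{ ldap_server_config.tls_key }}"
    dest: "/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}"
    owner: root
    group: openldap
    mode: "0640"
  no_log: true

# The certificate is public; world-readable is fine.
- name: Deploy LDAP TLS certificate
  copy:
    src: "{{ ldap_server_config.tls_certificate }}"
    dest: "/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}"
    owner: root
    group: root
    mode: "0644"

- name: Deploy system logger configuration file for slapd
  copy:
    src: slapd_rsyslog.conf
    dest: /etc/rsyslog.d/slapd.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart rsyslog

- name: Deploy configuration file for log rotation of slapd logs
  copy:
    src: slapd_logrotate
    dest: /etc/logrotate.d/slapd
    owner: root
    group: root
    mode: "0644"

- name: Change log level for slapd
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcLogLevel: "{{ ldap_server_config.log_level }}"

# Point slapd at the files deployed above. Only the leaf certificate is
# configured; if it is issued by an intermediate CA, clients will also need
# the chain (olcTLSCACertificateFile) — nothing in this role deploys one.
- name: Configure TLS for slapd
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcTLSCertificateFile: "/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}"
    olcTLSCertificateKeyFile: "/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}"
  notify:
    - Restart slapd

# olcSecurity ssf=N rejects operations whose session SSF is below N;
# olcLocalSSF is the SSF credited to local ldapi:// sessions. Using the same
# value for both means network clients must negotiate TLS of at least that
# strength while the local socket still qualifies. Written in block style so
# the "ssf=" prefix is passed verbatim rather than through key=value quoting.
- name: Configure SSF
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcSecurity: "ssf={{ ldap_server_config.ssf }}"
    olcLocalSSF: "{{ ldap_server_config.ssf }}"

# The module/database indices ({1}memberof, olcDatabase={1}hdb) are
# hard-coded; they assume the stock Debian cn=config layout. Verify against
# the actual cn=config before reusing this role on a non-default install.
- name: Enable the memberof module
  ldap_entry:
    dn: "cn=module{0},cn=config"
    state: addattributes
    olcModuleLoad: "{1}memberof"

- name: Enable the memberof overlay for database
  ldap_entry:
    dn: "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config"
    objectClass:
      - olcConfig
      - olcMemberOf
      - olcOverlayConfig
    olcOverlay: memberof
    olcMemberOfRefInt: "TRUE"
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember

# Access control: each item carries a filter selecting the entries and the
# rules to apply to them. Note that permissions are applied before the
# initial entries are created.
- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  with_items: "{{ ldap_permissions }}"

# Each item is a complete dict of ldap_entry parameters, handed over via args.
- name: Create LDAP entries
  ldap_entry: ""
  args: "{{ item }}"
  with_items: "{{ ldap_entries }}"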