Location: majic-ansible-roles/testsite/group_vars/ldap.yml - annotation
MAR-132: Workarounds for wsgi_website Python virtual environment in Debian Stretch:
- Manually install setuptools in Python virtual environment on Debian
Stretch, otherwise the pkg-resources==0.0.0 package will mess with
pip freeze etc.
- Add back installation of futures package, even on Python 3 (since it
does not cause any harm).
- A small cleanup of how requirements are treated will be done in
separate ticket.
---
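# Group variables for the LDAP server host(s) of the test site.
#
# Every secret in this file (ldap_admin_password, the consumer passwords and
# the userPassword attributes) is a guessable plaintext value that equals the
# account name. They are test-site fixtures only; a real inventory should
# supply its own values from an encrypted store such as Ansible Vault rather
# than reuse this file.

# Local mail aliases; mail for root is delivered to root and to the test user.
local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

# Outgoing mail is relayed through the test site's mail server. The truststore
# is the CA certificate read from the inventory's tls/ directory.
smtp_relay_host: "mail.{{ testsite_domain }}"
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

# LDAP client settings, one option/value pair per entry.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # ldapi:/// is the local Unix-domain socket, so the default client
  # connection does not leave the host.
  - comment: Set the default URI
    option: URI
    value: "ldapi:///"
  - comment: Set the default bind DN
    option: BINDDN
    value: "cn=admin,{{ testsite_ldap_base }}"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  # "demand" makes the client refuse a server whose certificate is missing or
  # fails validation against TLS_CACERT.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

# Test-only administrator password (plaintext, same as the account name).
ldap_admin_password: admin

# Service accounts that bind to the directory. Passwords are test-only
# plaintext values. The last entry is marked absent; presumably it exercises
# removal of a consumer - confirm against the role.
ldap_server_consumers:
  - name: prosody
    password: prosody
  - name: postfix
    password: postfix
  - name: dovecot
    password: dovecot
  - name: bollocks
    password: "none"
    state: absent

ldap_server_domain: "{{ testsite_domain }}"

# Directory groups; "blimey" is marked absent.
ldap_server_groups:
  - name: xmpp
  - name: mail
  - name: blimey
    state: absent

ldap_server_organization: "Example Inc."

# NOTE(review): 256 is OpenLDAP's "stats" log level if the role passes this
# value to slapd unchanged - confirm against the role.
ldap_server_log_level: 256

# Server certificate and private key are read from the inventory's tls/
# directory at run time. NOTE(review): whether tls/ is tracked in version
# control is not visible from this file; the .key file should be kept out of
# it or stored encrypted.
ldap_server_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.key') }}"

# NOTE(review): presumably the minimum security strength factor the server
# requires from connections - confirm against the role.
ldap_server_ssf: 128

# Access rules, listed in the order given. The indentation of this listing was
# lost, so each rule is written here as one folded line.
ldap_permissions:
  # Local root (peercred identity uid 0 / gid 0) and the admin DN get "manage"
  # on everything; everyone else falls through to the rules below.
  - >-
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ testsite_ldap_base }}" manage
    by * break
  # Password attributes: the owner may write them, anonymous clients may only
  # use them to authenticate, nobody else can read them.
  - >-
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  # The root DSE is readable by everyone.
  - >-
    to dn.base=""
    by * read
  # Everything else: owner and admin may write, authenticated users may read,
  # anonymous clients get nothing.
  # NOTE(review): "by self write" on "to *" lets an account change any of its
  # own attributes, including uid and mail; narrow it if other services treat
  # those attributes as authoritative.
  - >-
    to *
    by self write
    by dn="cn=admin,{{ testsite_ldap_base }}" write
    by users read
    by * none

# Directory entries created for the test site.
ldap_entries:
  # Test users. userPassword is written here in plaintext; whether it is
  # hashed before being stored is not visible from this file.
  - dn: "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: johndoe
      cn: John Doe
      sn: Doe
      userPassword: johndoe
      mail: "john.doe@{{ testsite_domain }}"
  - dn: "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: janedoe
      cn: Jane Doe
      sn: Doe
      userPassword: janedoe
      mail: "jane.doe@{{ testsite_domain }}"
  # Mail domains.
  - dn: "dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain_alternative }}"
  # Mail alias: postmaster is delivered to the test user.
  - dn: "cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: nisMailAlias
      cn: "postmaster@{{ testsite_domain }}"
      rfc822MailMember: "john.doe@{{ testsite_domain }}"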