Files
@ ea69b2719d8e
Branch filter:
Location: majic-ansible-roles/roles/ldap_server/defaults/main.yml - annotation
ea69b2719d8e
1.2 KiB
text/x-yaml
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
99edcba90842 99edcba90842 881a85f08e22 99edcba90842 ddfeb485fb84 99edcba90842 99edcba90842 99edcba90842 99edcba90842 1b05bae8e440 1b05bae8e440 99edcba90842 9f804c9501da 9f804c9501da 99edcba90842 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 63d26c0b3d86 55dd00900508 63d26c0b3d86 430eb250e244 430eb250e244 | ---
enable_backup: False
ldap_entries: []
ldap_server_domain: "{{ ansible_domain }}"
# Internal value, base DN.
ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
ldap_server_organization: "Private"
ldap_server_log_level: 256
ldap_server_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_ldap.key') }}"
ldap_server_ssf: 128
ldap_server_consumers: []
ldap_server_groups: []
ldap_permissions:
- >
to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by dn="cn=admin,{{ ldap_server_int_basedn }}" manage
by * break
- >
to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by * none
- >
to dn.base=""
by * read
- >
to *
by self write
by dn="cn=admin,{{ ldap_server_int_basedn }}" write
by users read
by * none
ldap_tls_ciphers: "NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"
|