Location: majic-ansible-roles/roles/ldap_server/tasks/main.yml - annotation
MAR-1: Updated documentation about memberof overlay. Updated configuration of the memberof overlay.
---
# Preseed the slapd/domain debconf answer from ldap_server_config.domain.
# This runs before the "Install slapd" task further down.
- name: Set domain for slapd
  debconf:
    name: slapd
    question: slapd/domain
    vtype: string
    value: "{{ ldap_server_config.domain }}"
# Preseed the slapd/organization debconf answer from
# ldap_server_config.organization.
- name: Set organisation for slapd
  debconf:
    name: slapd
    question: slapd/organization
    vtype: string
    value: "{{ ldap_server_config.organization }}"
# Install the slapd package; the debconf answers set above are already in
# place at this point.
- name: Install slapd
  apt:
    name: slapd
    state: installed
# Install the python-ldap package.
# NOTE(review): presumably required by the ldap_entry / ldap_permissions
# modules used later in this file - confirm.
- name: Install Python LDAP bindings
  apt:
    name: python-ldap
    state: installed
# Make sure slapd starts at boot and is running now, so the cn=config
# changes below have a live server to talk to.
- name: Enable slapd service
  service:
    name: slapd
    enabled: true
    state: started
# Install the rsyslog drop-in for slapd as root:root, mode 0644, and notify
# the "Restart rsyslog" handler when the file changes.
- name: Deploy system logger configuration file for slapd
  copy:
    src: slapd_rsyslog.conf
    dest: /etc/rsyslog.d/slapd.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart rsyslog
# Install the logrotate policy for slapd logs as root:root, mode 0644.
- name: Deploy configuration file for log rotation of slapd logs
  copy:
    src: slapd_logrotate
    dest: /etc/logrotate.d/slapd
    owner: root
    group: root
    mode: "0644"
# Replace olcLogLevel on cn=config with ldap_server_config.log_level.
# The chosen level decides how much slapd sends to syslog; a level that
# records connections and operations (e.g. "stats") is what makes the
# slapd log file useful when investigating directory access.
- name: Change log level for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_config.log_level }}"
# Stat the configured private key path and keep the result in tls_key.
# Only existence is used later (tls_key.stat.exists); ownership and mode of
# the key file are not checked by this task.
- name: Check if TLS private key is available
  stat:
    path: "{{ ldap_server_config.tls_key }}"
  register: tls_key
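# Stat the certificate file itself and keep the result in tls_certificate.
# The "Configure TLS for slapd" task is gated on this result, so it has to
# describe ldap_server_config.tls_certificate. Checking the key path here
# would let TLS be configured with a certificate file that does not exist.
- name: Check if TLS certificate is available
  stat:
    path: "{{ ldap_server_config.tls_certificate }}"
  register: tls_certificate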
# Point slapd at the certificate and private key by replacing
# olcTLSCertificateFile / olcTLSCertificateKeyFile on cn=config, then notify
# the "Restart slapd" handler.
# The task runs only when both registered stat results report an existing
# path. Otherwise it is skipped without failing the play, and the TLS
# attributes are left as they were.
# NOTE(review): this file never sets ownership or mode on the key file. The
# private key should be readable only by the account slapd runs as - confirm
# where the key is deployed and with which permissions.
- name: Configure TLS for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="{{ ldap_server_config.tls_certificate }}" olcTLSCertificateKeyFile="{{ ldap_server_config.tls_key }}"
  when: tls_key.stat.exists and tls_certificate.stat.exists
  notify:
    - Restart slapd
# Set the minimum security strength factor slapd requires (olcSecurity
# ssf=<n>) and the SSF it assigns to local ldapi:// sessions (olcLocalSSF),
# both taken from ldap_server_config.ssf.
# This task is not conditional on the TLS files being present.
# NOTE(review): with a non-zero ssf and TLS left unconfigured, network
# clients would presumably be refused rather than served in clear text -
# confirm that this is the intended failure mode.
# NOTE(review): the inline key=value form nests a quoted template inside the
# olcSecurity value (ssf="..."). Verify that the stored value is ssf=<n>
# without literal quote characters.
- name: Configure SSF
  ldap_entry: dn=cn=config state=replaceattributes olcSecurity=ssf="{{ ldap_server_config.ssf }}" olcLocalSSF="{{ ldap_server_config.ssf }}"
# Add "{1}memberof" to olcModuleLoad on cn=module{0},cn=config so that the
# memberof overlay can be attached to a database.
# NOTE(review): the {0} and {1} ordering indexes are hard-coded. This assumes
# the module entry exists at index 0 and already has one module loaded -
# confirm against the packaged default configuration.
- name: Enable the memberof module
  ldap_entry: dn="cn=module{0},cn=config" state=addattributes olcModuleLoad="{1}memberof"
# Create the memberof overlay entry under the {1}hdb database. The overlay
# is told to track groupOfUniqueNames groups through their uniqueMember
# attribute, with olcMemberOfRefInt set to TRUE.
# NOTE(review): the database DN (olcDatabase={1}hdb) is hard-coded, so a
# different backend or index would need a different dn.
# NOTE(review): applications often base access decisions on memberOf. The
# overlay is generally understood to maintain it only for group changes made
# after it is enabled - confirm how pre-existing groups are handled.
- name: Enable the memberof overlay for database
  ldap_entry:
    dn: "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config"
    objectClass:
      - olcConfig
      - olcMemberOf
      - olcOverlayConfig
    olcOverlay: memberof
    olcMemberOfRefInt: "TRUE"
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember
# Run ldap_permissions once per element of the ldap_permissions variable,
# passing that element's filter and rules.
# NOTE(review): presumably these become the database access rules that
# decide who may read or write entries, including credential attributes.
# Review changes to the ldap_permissions variable as carefully as changes to
# this file.
- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  with_items: ldap_permissions
# Run ldap_entry once per element of the ldap_entries variable. The module
# line itself is empty; each item is handed over wholesale as the module's
# arguments through "args".
# Nothing here filters or validates the item, so every attribute in
# ldap_entries is applied as given.
# NOTE(review): if the entries carry credential attributes, the variable
# should come from protected (e.g. encrypted) inventory - confirm.
- name: Create LDAP entries
  ldap_entry: ""
  args: "{{ item }}"
  with_items: ldap_entries