diff --git a/roles/ldap_server/tasks/main.yml b/roles/ldap_server/tasks/main.yml
index e3d64f87b2974cdf6afaf1dd2cc629537f740945..03af789022716f09a4c60e4b831052e3e6f73bc4 100644
--- a/roles/ldap_server/tasks/main.yml
+++ b/roles/ldap_server/tasks/main.yml
@@ -58,11 +58,11 @@
 enabled: true
 
 - name: Change log level for slapd
- ldap_attr:
+ community.general.ldap_attrs:
 dn: cn=config
+ attributes:
+ olcLogLevel: "{{ ldap_server_log_level }}"
 state: exact
- name: olcLogLevel
- values: "{{ ldap_server_log_level }}"
 
 - name: Test if LDAP misc schema has been applied
 ansible.builtin.command: "ldapsearch -H ldapi:/// -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}misc)' cn"
@@ -116,81 +116,30 @@
 group: root
 mode: "0644"
 
-# We need to have this hack around TLS configuration because OpenLDAP
-# expects both private key and certificate to be set at the same
-# time.
-#
-# OpenLDAP server behaviour is a bit weird around this thing, so here
-# is what happens:
-#
-# 1. First we set the private key, but ignore all errors. This has not
-# yet changed the private key path, though.
-#
-# 2. Then we set the certificate. This succeeds, but the private key
-# path still has the old value. If we haven't done the step (1),
-# this task would fail too.
-#
-# 3. Now we can finally change the private key too, and LDAP server
-# will be able to validate it against the corresponding certificate.
-#
-# See https://github.com/ansible/ansible/issues/25665 for more
-# information.
-- name: Configure TLS private key (ignore errors)
- ldap_attr:
- dn: cn=config
- name: olcTLSCertificateKeyFile
- values: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
- state: exact
- failed_when: false
-
-- name: Configure TLS certificate
- ldap_attr:
- dn: cn=config
- name: olcTLSCertificateFile
- values: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
- state: exact
-
-- name: Configure TLS private key
- ldap_attr:
- dn: cn=config
- name: olcTLSCertificateKeyFile
- values: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
- state: exact
-
-- name: Configure DH parameter
- ldap_attr:
- dn: cn=config
- name: olcTLSDHParamFile
- values: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.dh.pem"
- state: exact
-
-- name: Configure TLS cipher suites
- ldap_attr:
- dn: cn=config
- name: olcTLSCipherSuite
- values: "{{ ldap_tls_ciphers }}"
- state: exact
-
-- name: Configure SSF for local unix socket connections
- ldap_attr:
+- name: Configure TLS
+ community.general.ldap_attrs:
 dn: cn=config
+ attributes:
+ olcTLSCertificateFile: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
+ olcTLSCertificateKeyFile: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.key"
+ olcTLSDHParamFile: "/etc/ssl/private/{{ ansible_fqdn }}_ldap.dh.pem"
+ olcTLSCipherSuite: "{{ ldap_tls_ciphers }}"
 state: exact
- name: olcLocalSSF
- values: "{{ ldap_server_ssf }}"
 
-- name: Configure required SSF
- ldap_attr:
+- name: Configure required SSF (make sure local unix socket connections are allowed)
+ community.general.ldap_attrs:
 dn: cn=config
+ attributes:
+ olcLocalSSF: "{{ ldap_server_ssf }}"
+ olcSecurity: "ssf={{ ldap_server_ssf }}"
 state: exact
- name: olcSecurity
- values: "ssf={{ ldap_server_ssf }}"
 
 - name: Enable the memberof module
- ldap_attr:
+ community.general.ldap_attrs:
 dn: "cn=module{0},cn=config"
+ attributes:
+ olcModuleLoad: "{1}memberof"
 state: present
- name: olcModuleLoad
- values: "{1}memberof"
 
 - name: Enable the memberof overlay for database
 community.general.ldap_entry:
@@ -259,10 +208,10 @@
 with_items: "{{ ldap_server_consumers }}"
 
 - name: Update services login passwords
- ldap_attr:
+ community.general.ldap_attrs:
 dn: "cn={{ item.name }},ou=services,{{ ldap_server_int_basedn }}"
- name: userPassword
- values: "{{ item.password }}"
+ attributes:
+ userPassword: "{{ item.password }}"
 state: exact
 with_items: "{{ ldap_server_consumers }}"
 when: "item.state | default('present') == 'present'"
@@ -315,10 +264,10 @@
 failed_when: false
 
 - name: Update LDAP admin password
- ldap_attr:
+ community.general.ldap_attrs:
 dn: "olcDatabase={1}mdb,cn=config"
- name: olcRootPW
- values: "{{ ldap_admin_password | ldap_password_hash }}"
+ attributes:
+ olcRootPW: "{{ ldap_admin_password | ldap_password_hash }}"
 state: exact
 when: ldap_admin_password_check.rc != 0
 
diff --git a/roles/mail_server/molecule/default/prepare.yml b/roles/mail_server/molecule/default/prepare.yml
index c9823d72283b1eb0647fb900d13625b121cbabae..3ba2c19e62bf738f16c73e76515e78562b484672 100644
--- a/roles/mail_server/molecule/default/prepare.yml
+++ b/roles/mail_server/molecule/default/prepare.yml
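Review bot: The rationale for writing the four TLS attributes together is lost with the removed comment block, although it is exactly what justifies collapsing the separate tasks into the single `Configure TLS` task: OpenLDAP validates olcTLSCertificateKeyFile against olcTLSCertificateFile when the modify is applied, and the old set-key-ignoring-errors / set-cert / set-key-again sequence existed only because ldap_attr wrote one attribute per call. Whoever later splits this task again, or moves the key into its own task for a rotation, will hit the same failure with no pointer to why. Keep a short comment above the task, e.g. `# Key and certificate must be replaced in the same LDAP modify; OpenLDAP validates the pair on apply.` followed by `# See https://github.com/ansible/ansible/issues/25665`. This assumes community.general.ldap_attrs sends all listed attributes in one modify operation, which dropping the workaround implies but the hunk itself does not show.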
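Review bot: `userPassword: "{{ item.password }}"` is looped with `with_items` and no `no_log: true` is visible in the task, so each iteration's item dict, plaintext consumer password included, is printed in the task result and lands in the play output and any callback or log aggregation. Adding `no_log: true` next to `state: exact` closes that; if the task already sets it on a line after the hunk, disregard. The `olcRootPW` hunk below has the same gap with a hashed value, which is still better kept out of logs. The task's trailing lines may continue past the end of the hunk.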
@@ -422,13 +422,13 @@
 rfc822MailMember: jane.doe@domain2
 
 - name: Add test accounts to correct group
- ldap_attr:
+ community.general.ldap_attrs:
 dn: "cn=mail,ou=groups,dc=local"
- name: uniqueMember
+ attributes:
+ uniqueMember:
+ - uid=john,ou=people,dc=local
+ - uid=jane,ou=people,dc=local
 state: exact
- values:
- - uid=john,ou=people,dc=local
- - uid=jane,ou=people,dc=local
 
 - name: Prepare, test fixtures
 hosts: parameters-mandatory,parameters-optional
diff --git a/roles/xmpp_server/molecule/default/prepare.yml b/roles/xmpp_server/molecule/default/prepare.yml
index 7764229376c314fceaaebb366e191d113b220edf..df67a15fa60aae0cdd7dd56b5a46627dc45ff5da 100644
--- a/roles/xmpp_server/molecule/default/prepare.yml
+++ b/roles/xmpp_server/molecule/default/prepare.yml
@@ -252,15 +252,15 @@
 mail: noxmpp@domain1
 
 - name: Add test accounts to correct group
- ldap_attr:
+ community.general.ldap_attrs:
 dn: "cn=xmpp,ou=groups,dc=local"
- name: uniqueMember
+ attributes:
+ uniqueMember:
+ - uid=john,ou=people,dc=local
+ - uid=jane,ou=people,dc=local
+ - uid=mick,ou=people,dc=local
+ - uid=eve,ou=people,dc=local
 state: exact
- values:
- - uid=john,ou=people,dc=local
- - uid=jane,ou=people,dc=local
- - uid=mick,ou=people,dc=local
- - uid=eve,ou=people,dc=local
 
 - name: Prepare, test fixtures
 hosts: parameters-mandatory,parameters-optional