From b9ad784771b4ffed68b5aa279f21c0ea7973d33e 2015-10-14 18:24:16 From: Branko Majic Date: 2015-10-14 18:24:16 Subject: [PATCH] MAR-39: Updated description for the LDAP server role. --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index ed701baaf0e1b9bb6c3385fb6212be7e7d55d96b..c7ee92c200010eeeebda289192bb7f361e4dc450 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -426,6 +426,11 @@ The role implements the following: ``groupOfUniqueNames`` via attribute ``uniqueMember``. Enforcement of referential integrity is turned on as well (modifications of ``memberof`` attribute will update corresponding group as well. +* Creates a basic directory structure used by most of the other roles. +* Creates a basic directory structure used by the mail server role. +* Creates login entries for services that need to consume LDAP directory data in + some way. +* Creates user-supplied groups in LDAP. * Configures permissions. * Creates LDAP entries. * Configures firewall to allow incoming connections to the LDAP server. 
@@ -477,6 +482,27 @@ Parameters by dn="cn=admin,BASEDN" write by * none +**ldap_server_consumers** (list, optional, ``[]``) + List of items describing additional login entries that should be created for + services that want to be able to log-in into the LDAP server and consume the + data present within. Each item should be a dictionary, with the following keys + avaialable: + + - **name** (name of the service, mandatory, this will be used to construct the + login entry DN in format of ``cn=NAME,ou=services,BASE_DN``) + - **password** (password for the login entry, mandatory) + - **state** (state of the service, optional, defaults to ``present``, this + should be ``present`` or ``absent``, allowing for removal of old services) + +**ldap_server_groups** (list, optional, ``[]``) + List of groups that should be created in the LDAP directory. Each item should + be a dictionary containing the following keys: + + - **name** (name of the group, mandatory, this will be used to construct the + group DN in format of ``cn=NAME,ou=groups,BASE_DN``) + - **state** (state of the group, optional, defaults to ``present``, this + should be ``present`` or ``absent``, allowing for removal of old groups) + **ldap_server_domain** (string, optional, ``{{ ansible_domain }}``) Domain that should be used for constructing the base DN of default user LDAP database. This should be a sub-domain dedicated to organisation. The base DN
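
Review bot: In the first hunk (docs/rolereference.rst, the "The role implements the following" list), the two added bullets "Creates a basic directory structure used by most of the other roles." and "Creates a basic directory structure used by the mail server role." are worded almost identically, so the reader cannot tell which entries each one covers. Merge them, or name the entries each creates (for example the ``ou=services`` and ``ou=groups`` containers that the new parameters refer to). The unchanged "Creates LDAP entries." bullet that follows now overlaps with the four new bullets and could say which entries it still means.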
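
Review bot: In the second hunk, the ``ldap_server_consumers`` description makes **password** mandatory but does not say how the value should be supplied or what access the resulting ``cn=NAME,ou=services,BASE_DN`` entry receives. Document whether the password is expected in plain text or pre-hashed, recommend keeping it out of version control in clear text (for example with Ansible Vault), and state whether consumer entries get any read access by default or only what the permissions parameter above grants. It would also help to say whether **password** is still required when **state** is ``absent``. Smaller points: "avaialable" should be "available", "log-in into" should be "log in to", and the new text writes ``BASE_DN`` while the context line above uses ``BASEDN`` (``by dn="cn=admin,BASEDN" write``), so pick one spelling.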