majic-ansible-roles Changeset

Changeset - b6f7eccea487

Parent rev.

Child rev.

[Not reviewed]

2 2 2

Branko Majic (branko) - 7 years ago 2017-08-21 11:19:25
branko@majic.rs

MAR-117: Renamed ldap_entry and ldap_permissions modules:

- Renamed ldap_entry module to m_ldap_entry.
- Renamed ldap_permissions module to m_ldap_permissions.
- Renames done to avoid collisions with official modules (at least for
ldap_entry).

4 files changed with 32 insertions and 30 deletions:

docs/usage.rst

roles/ldap_server/library/m_ldap_entry.py

roles/ldap_server/library/m_ldap_permissions.py

roles/ldap_server/tasks/main.yml

0 comments (0 inline, 0 general)

docs/usage.rst

➞

Show inline comments

@@ @@ -750,9 +750,10 @@ role. @@
           # Now, let's add the two users to the mail group. Observe that we use
           # the "state: append" option. This is a bit of a cheat since the
           # ldap_entries option passes the provided entries directly to the
           # ldap_entry module. "state: append" will make sure we don't overwrite
           # the group, and instead add the attributes to it (in this case we add
           # the two users from above).
           # m_ldap_entry module (this is a custom module, not to be confused with
           # the official ldap_entry module). "state: append" will make sure we
           # don't overwrite the group, and instead add the attributes to it (in
           # this case we add the two users from above).
           - dn: cn=mail,ou=groups,dc=example,dc=com
             state: append
             attributes:
@@ @@ -1019,9 +1020,10 @@ role. @@
           # Add the two users to the xmpp group. Observe that we use
           # the "state: append" option. This is a bit of a cheat since the
           # ldap_entries option passes the provided entries directly to the
           # ldap_entry module. "state: append" will make sure we don't overwrite
           # the group, and instead add the attributes to it (in this case we add
           # the two users).
           # m_ldap_entry module (this is a custom module, not to be confused
           # with the official ldap_entry module). "state: append" will make sure
           # we don't overwrite the group, and instead add the attributes to it
           # (in this case we add the two users).
           - dn: cn=xmpp,ou=groups,dc=example,dc=com
             state: append
             attributes:

roles/ldap_server/library/m_ldap_entry.py

➞

Show inline comments

@@ modified file chmod 100755 => 100644 @@
@@ @@ -2,7 +2,7 @@ @@
 DOCUMENTATION = """
 ---
-module: ldap_entry
+module: m_ldap_entry
 short_description: Creates, updates, or removes an LDAP entry.
 description:
   - Creates, updates, or removes an LDAP entry in an LDAP directory.
@@ @@ -69,14 +69,14 @@ options: @@
 EXAMPLES = """
 # Create sub-trees for storing user and group information.
 ldap_entry: dn=ou=people,dc=example,dc=com objectClass=organizationalUnit ou=people
 ldap_entry: dn=ou=groups,dc=example,dc=com objectClass=organizationalUnit ou=groups
 m_ldap_entry: dn=ou=people,dc=example,dc=com objectClass=organizationalUnit ou=people
 m_ldap_entry: dn=ou=groups,dc=example,dc=com objectClass=organizationalUnit ou=groups
 # Remove old entries, using simple bind authentication.
-ldap_entry: dn=ou=accounting,dc=example,dc=com state=absent bind_dn=cn=admin,dc=example,dc=com bind_password=foo123
+m_ldap_entry: dn=ou=accounting,dc=example,dc=com state=absent bind_dn=cn=admin,dc=example,dc=com bind_password=foo123
 # Create a complex entry that has multiple values for single attribute.
-ldap_entry:
+m_ldap_entry:
   dn: uid=john,ou=people,dc=example,dc=com
   objectClass:
     - inetOrgPerson
@@ @@ -92,19 +92,19 @@ ldap_entry: @@
   usercertificate;binary: base64:MIIC...lotsofcharacters...+/A==
 # Add attribute to an entry.
-ldap_entry:
+m_ldap_entry:
   dn: uid=john,ou=people,dc=example,dc=com
   state: append
   mail: john.doe@example.com
 # Make sure the configuration database has specific logging level enabled.
-ldap_entry:
+m_ldap_entry:
   dn: cn=config
   state: replace
   olcLogLevel: 256
 # Remove attribute from an entry.
-ldap_entry:
+m_ldap_entry:
   dn: uid=john,ou=people,dc=example,dc=com
   state: replace
   uid: ""

roles/ldap_server/library/m_ldap_permissions.py

➞

Show inline comments

@@ @@ -2,7 +2,7 @@ @@
 DOCUMENTATION = """
 ---
-module: ldap_permissions
+module: m_ldap_permissions
 short_description: Sets permissions/ACL for LDAP database.
 description:
   - Sets permissions (access control list) for LDAP database.
@@ @@ -52,7 +52,7 @@ options: @@
 EXAMPLES = """
 # Set-up of rules for regular database.
-ldap_permissions:
+m_ldap_permissions:
   - filter: '(olcSuffix=dc=example,dc=com)'
     rules:
       - >
@@ @@ -75,12 +75,12 @@ ldap_permissions: @@
         by * none
 # Set-up rules for a configuration database. This time with a single rule in a
 # single line.
-ldap_permissions:
+m_ldap_permissions:
   - filter: '(olcDatabase={0}config)'
     rules:
       - to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
 # Set-up rules on a remote server.
-ldap_permissions:
+m_ldap_permissions:
   - filter: '(olcSuffix=dc=example,dc=com)'
     rules:
       - >

roles/ldap_server/tasks/main.yml

➞

Show inline comments

@@ @@ -82,7 +82,7 @@ @@
     mode: 0644
 - name: Change log level for slapd
-  ldap_entry:
+  m_ldap_entry:
     dn: cn=config
     state: replace
     olcLogLevel: "{{ ldap_server_log_level }}"
@@ @@ -125,7 +125,7 @@ @@
     mode: 0644
 - name: Configure TLS for slapd (includes hardening)
-  ldap_entry:
+  m_ldap_entry:
     dn: cn=config
     state: replace
     olcTLSCertificateFile: "/etc/ssl/certs/{{ ansible_fqdn }}_ldap.pem"
@@ @@ -135,20 +135,20 @@ @@
     - Restart slapd
 - name: Configure SSF
-  ldap_entry:
+  m_ldap_entry:
     dn: cn=config
     state: replace
     olcSecurity: "ssf={{ ldap_server_ssf }}"
     olcLocalSSF: "{{ ldap_server_ssf }}"
 - name: Enable the memberof module
-  ldap_entry:
+  m_ldap_entry:
     dn: "cn=module{0},cn=config"
     state: append
     olcModuleLoad: "{1}memberof"
 - name: Enable the memberof overlay for database
-  ldap_entry:
+  m_ldap_entry:
     dn: "olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config"
     objectClass:
       - olcConfig
@@ @@ -160,12 +160,12 @@ @@
     olcMemberOfMemberAD: uniqueMember
 - name: Apply database permissions
-  ldap_permissions:
+  m_ldap_permissions:
     filter: "(olcSuffix={{ ldap_server_int_basedn }})"
     rules: "{{ ldap_permissions }}"
 - name: Create basic LDAP directory structure
-  ldap_entry: ""
+  m_ldap_entry: ""
   args:
     dn: "ou={{ item }},{{ ldap_server_int_basedn }}"
     objectClass:
@@ @@ -177,14 +177,14 @@ @@
     - services
 - name: Create the entry that will contain mail service information
-  ldap_entry: ""
+  m_ldap_entry: ""
   args:
     dn: "ou=mail,ou=services,{{ ldap_server_int_basedn }}"
     objectClass: organizationalUnit
     ou: mail
 - name: Create LDAP directory structure for mail service
-  ldap_entry: ""
+  m_ldap_entry: ""
   args:
     dn: "ou={{ item }},ou=mail,ou=services,{{ ldap_server_int_basedn }}"
     objectClass: organizationalUnit
@@ @@ -194,7 +194,7 @@ @@
     - aliases
 - name: Create or remove login entries for services
-  ldap_entry: ""
+  m_ldap_entry: ""
   args:
     dn: "cn={{ item.name }},ou=services,{{ ldap_server_int_basedn }}"
     objectClass:
@@ @@ -206,7 +206,7 @@ @@
   with_items: "{{ ldap_server_consumers }}"
 - name: Create or remove user-supplied groups
-  ldap_entry: ""
+  m_ldap_entry: ""
   args:
     dn: "cn={{ item.name }},ou=groups,{{ ldap_server_int_basedn }}"
     objectClass: groupOfUniqueNames
@@ @@ -216,7 +216,7 @@ @@
   with_items: "{{ ldap_server_groups }}"
 - name: Create user-supplied LDAP entries
-  ldap_entry: ""
+  m_ldap_entry: ""
   args:
     dn: "{{ item.dn }}"
     state: "{{ item.state | default('present')}}"

0 comments (0 inline, 0 general)