Changeset - c5e2151afd55
Branko Majic (branko) - 6 days ago 2024-09-22 13:11:56
branko@majic.rs
MAR-218: Disable logging when setting up LDAP server consumers.
1 file changed with 2 insertions and 0 deletions:
roles/ldap_server/tasks/main.yml
 
@@ -160,105 +160,107 @@
 
    rules: "{{ ldap_permissions }}"
 

	
 
- name: Drop the admin entry corresponding to olcRootDN for database from directory
 
  community.general.ldap_entry:
 
    dn: "cn=admin,{{ ldap_server_int_basedn }}"
 
    state: absent
 

	
 
- name: Create basic LDAP directory structure
 
  community.general.ldap_entry:
 
    dn: "ou={{ item }},{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - organizationalUnit
 
    attributes:
 
      ou: "{{ item }}"
 
  with_items:
 
    - people
 
    - groups
 
    - services
 

	
 
- name: Create the entry that will contain mail service information
 
  community.general.ldap_entry:
 
    dn: "ou=mail,ou=services,{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - organizationalUnit
 
    attributes:
 
      ou: mail
 

	
 
- name: Create LDAP directory structure for mail service
 
  community.general.ldap_entry:
 
    dn: "ou={{ item }},ou=mail,ou=services,{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - organizationalUnit
 
    attributes:
 
      ou: "{{ item }}"
 
  with_items:
 
    - domains
 
    - aliases
 

	
 
- name: Create or remove login entries for services
 
  community.general.ldap_entry:
 
    dn: "cn={{ item.name }},ou=services,{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - applicationProcess
 
      - simpleSecurityObject
 
    attributes:
 
      cn: "{{ item.name }}"
 
      userPassword: "{{ item.password }}"
 
    state: "{{ item.state | default('present') }}"
 
  no_log: true
 
  with_items: "{{ ldap_server_consumers }}"
 

	
 
- name: Update services login passwords
 
  community.general.ldap_attrs:
 
    dn: "cn={{ item.name }},ou=services,{{ ldap_server_int_basedn }}"
 
    attributes:
 
      userPassword: "{{ item.password }}"
 
    state: exact
 
  with_items: "{{ ldap_server_consumers }}"
 
  no_log: true
 
  when: "item.state | default('present') == 'present'"
 

	
 
- name: Create or remove user-supplied groups
 
  community.general.ldap_entry:
 
    dn: "cn={{ item.name }},ou=groups,{{ ldap_server_int_basedn }}"
 
    objectClass:
 
      - groupOfUniqueNames
 
    attributes:
 
      cn: "{{ item.name }}"
 
      uniqueMember: "cn=NONE"
 
    state: "{{ item.state | default('present') }}"
 
  with_items: "{{ ldap_server_groups }}"
 

	
 
- name: Create user-supplied LDAP entries
 
  community.general.ldap_entry:
 
    dn: "{{ item.dn }}"
 
    objectClass: "{{ item.attributes.objectClass }}"
 
    attributes: "{{ item.attributes }}"
 
    state: "{{ item.state | default('present') }}"
 
  with_items: "{{ ldap_entries }}"
 

	
 
- name: Deploy firewall configuration for LDAP
 
  ansible.builtin.copy:
 
    src: "ferm_ldap.conf"
 
    dest: "/etc/ferm/conf.d/10-ldap.conf"
 
    owner: root
 
    group: root
 
    mode: "0640"
 
  notify:
 
    - Restart ferm
 

	
 
- name: Test LDAP admin password
 
  community.general.ldap_search:
 
    bind_dn: "cn=admin,{{ ldap_server_int_basedn }}"
 
    bind_pw: "{{ ldap_admin_password }}"
 
    server_uri: "ldapi:///"
 
    dn: "{{ ldap_server_int_basedn }}"
 
    scope: base
 
  register: ldap_admin_password_check
 
  failed_when: false
 

	
 
- name: Update LDAP admin password
 
  community.general.ldap_attrs:
 
    dn: "olcDatabase={1}mdb,cn=config"
 
    attributes:
 
      olcRootPW: "{{ ldap_admin_password | ldap_password_hash }}"
 
    state: exact
 
  no_log: true
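Review bot: The "Create user-supplied LDAP entries" task in this hunk still runs without `no_log`, although `attributes: "{{ item.attributes }}"` passes whatever the caller puts in `ldap_entries` straight to the module, so a `userPassword` supplied there ends up in the task result exactly the way the consumer passwords did before this change; adding `no_log: true` to that task closes the same gap. The "Test LDAP admin password" search passes `bind_pw: "{{ ldap_admin_password }}"` with no `no_log` either — the module may mask that argument on its own, but an explicit `no_log: true` on the task would make the intent visible in the playbook rather than depend on module behaviour. A smaller point of style: the two added lines sit in different positions (before `with_items` in the first consumer task, after it in the second); placing `no_log: true` in the same spot in both makes the pattern easier to grep for when the next secret-handling task is added.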