Changeset - c60bd9674678
Parent rev.
Child rev.
[Not reviewed]
0 1 0
Branko Majic (branko) - 4 years ago 2020-10-01 23:38:19
branko@majic.rs
MAR-161: Updated usage instructions to account for the ldap_server_domain parameter now being mandatory.
1 file changed with 11 insertions and 7 deletions:
docs/usage.rst
11
7
0 comments (0 inline, 0 general)
docs/usage.rst
Show inline comments
 
@@ -655,9 +655,11 @@ one up first. This includes both the LDAP *server* and *client* configuration.
 
          - common
 
          - ldap_client
 

			




	
	
	
		
 
3. Time to configure the roles. For start, let us configure the LDAP server

			




	
	
	
		
 
   role. Keep in mind that there is a lot of default variables set-up by the

			




	
	
	
		
 
   role itself, making our config rather short.

			




	
	
	
		
 
3. Time to configure the roles. For start, let us configure the LDAP

			




	
	
	
		
 
   server role. Keep in mind that there is a lot of default variables

			




	
	
	
		
 
   set-up by the role itself, making our config rather short. The

			




	
	
	
		
 
   ``ldap_server_domain`` parameter will be used to form the base DN

			




	
	
	
		
 
   of the LDAP directory (resulting in ``dc=example,dc=com``).

			




	
	
	
		
 

			




	
	
	
		
 
   :file:`~/mysite/group_vars/communications.yml`

			




	
	
	
		
 
   ::

			




	
	
		
 
@@ -665,15 +667,17 @@ one up first. This includes both the LDAP *server* and *client* configuration.

			




	
	
	
		
 
      ---

			




	
	
	
		
 

			




	
	
	
		
 
      ldap_admin_password: admin

			




	
	
	
		
 

			




	
	
	
		
 
      ldap_server_domain: example.com

			




	
	
	
		
 
      ldap_server_organization: "Example Inc."

			




	
	
	
		
 
      ldap_server_tls_certificate: "{{ lookup('file', '~/mysite/tls/comms.example.com_ldap.pem') }}"

			




	
	
	
		
 
      ldap_server_tls_key: "{{ lookup('file', '~/mysite/tls/comms.example.com_ldap.key') }}"

			




	
	
	
		
 

			




	
	
	
		
 
4. Phew. That was... Well, actually, easy :) Technically, only the

			




	
	
	
		
 
   LDAP admin password and TLS certificate/key *must* be set, but it

			




	
	
	
		
 
   is nice to have organisation explicitly specified as well (instead

			




	
	
	
		
 
   of using whatever Debian picks as default). Let us add the LDAP

			




	
	
	
		
 
   client configuration next. We will start off with global LDAP

			




	
	
	
		
 
   LDAP admin password, domain, and TLS certificate/key *must* be set,

			




	
	
	
		
 
   but it is nice to have organisation explicitly specified as well

			




	
	
	
		
 
   (instead of using whatever Debian picks as default). Let us add the

			




	
	
	
		
 
   LDAP client configuration next. We will start off with global LDAP

			




	
	
	
		
 
   client configuration. In case of the LDAP client role, we have got

			




	
	
	
		
 
   to be a bit more explicit.

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.