Changeset - d077bd1afabb
0 3 0
Branko Majic (branko) - 10 years ago 2015-10-07 12:49:04
branko@majic.rs
MAR-38: Added deployment of LDAP misc schema to LDAP server role. Updated the test site to accommodate this change (removing the LDAP entries that took care of it manually before).
3 files changed with 11 insertions and 11 deletions:
docs/rolereference.rst
 
@@ -416,12 +416,14 @@ The role implements the following:
 

	
 
* Deploys LDAP TLS private key and certificate.
 
* Installs OpenLDAP server (package ``slapd``).
 
* Configures OpenLDAP server (base DN - domain, organisation, TLS, SSF, log levels).
 
* Sets-up separate log file for OpenLDAP server at ``/var/log/slapd.log`` (with
 
  log rotation included).
 
* Enables the ``misc`` LDAP schema (from ``/etc/ldap/schema/misc.ldif``). This
 
  is necessary for the mail server role.
 
* Enables the ``memberof`` overlay on top of default database. The overlay is
 
  configured to keep track of membership changes for object class
 
  ``groupOfUniqueNames`` via attribute ``uniqueMember``. Enforcement of
 
  referential integrity is turned on as well (modifications of ``memberof``
 
  attribute will update corresponding group as well.
 
* Configures permissions.
roles/ldap_server/tasks/main.yml
 
@@ -31,12 +31,21 @@
 
- name: Deploy configuration file for log rotation of slapd logs
 
  copy: src=slapd_logrotate dest=/etc/logrotate.d/slapd owner=root group=root mode=0644
 

	
 
- name: Change log level for slapd
 
  ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_log_level }}"
 

	
 
- name: Test if LDAP misc schema has been applied
 
  command: ldapsearch -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}misc)' cn
 
  register: ldap_misc_schema_present
 
  changed_when: false
 

	
 
- name: Deploy LDAP misc schema
 
  command: ldapadd -Y EXTERNAL -f /etc/ldap/schema/misc.ldif
 
  when: ldap_misc_schema_present.stdout == ""
 

	
 
- name: Deploy LDAP TLS private key
 
  copy: dest="/etc/ssl/private/{{ ldap_server_tls_key | basename }}" src="{{ ldap_server_tls_key }}"
 
        mode=640 owner=root group=openldap
 
  notify:
 
    - Restart slapd
 

	
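Review bot: The `Test if LDAP misc schema has been applied` task binds with `-Y EXTERNAL` but gives no `-H` URI, so ldapsearch falls back to the default from ldap.conf; SASL EXTERNAL only yields a usable identity over the ldapi socket (peer credentials) or over TLS with a client certificate, and over plain ldap://localhost the bind fails, which aborts the play rather than reporting "schema absent". The `ldapadd` in `Deploy LDAP misc schema` has the same gap. I cannot see the role's ldap.conf, so this may already be covered by a `URI ldapi:///` there; if not, `command: ldapsearch -H ldapi:/// -Q -LLL -A -Y EXTERNAL -b cn=schema,cn=config -s one '(cn={*}misc)' cn` and `command: ldapadd -H ldapi:/// -Y EXTERNAL -f /etc/ldap/schema/misc.ldif` make the intended transport explicit and independent of host defaults. The `when: ldap_misc_schema_present.stdout == ""` guard also deserves a comment such as `# Empty search result means no cn={N}misc entry exists yet under cn=schema,cn=config` so that the substring filter's purpose is clear to the next reader.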
testsite/group_vars/ldap.yml
 
@@ -50,23 +50,12 @@ ldap_permissions:
 
    by self write
 
    by dn="cn=admin,{{ testsite_ldap_base }}" write
 
    by users read
 
    by * none
 

	
 
ldap_entries:
 
  - dn: "cn={4}misc,cn=schema,cn=config"
 
    objectClass: olcSchemaConfig
 
    cn: "{4}misc"
 
    olcAttributeTypes:
 
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
 
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
 
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
 
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
 
    olcObjectClasses:
 
    - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
 
    - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"
 
  - dn: ou=people,{{ testsite_ldap_base }}
 
    objectClass: organizationalUnit
 
    ou: people
 
  - dn: ou=groups,{{ testsite_ldap_base }}
 
    objectClass: organizationalUnit
 
    ou: groups