- >

      to *

      by self write

      by dn="cn=admin,BASEDN" write

      by * none

  Domain that should be used for constructing the base DN of default user LDAP

  database. This should be a sub-domain dedicated to organisation. The base DN

  will be constructed by putting all elements of the sub-domain as ``dc``

  entries (as per standard Debian convention). I.e. ``example.com`` would get

  transformed into ``dc=example,dc=com``.

**ldap_server_log_level** (string, optional, ``256``)

  Log level to use for the server. This should be compatible with OpenLDAP

  configuration option ``olcLogLevel``. See `OpenLDAP Administrator's Guide

  <http://www.openldap.org/doc/admin24/slapdconf2.html#cn=config>` for value

  description and syntax.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for LDAP service. The file will be copied to directory ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  LDAP service. The file will be copied to directory ``/etc/ssl/private/``.

**ldap_server_ssf** (number, optional, ``128``)

  Minimum *Security Strength Factor* to require from all incoming

  connections. This applies for both remote and local connections.

**xmpp_administrators** (list, mandatory)

  List of Prosody users that should be granted administrator privileges over

  Prosody. Each item is a string with value equal to XMPP user ID

  (i.e. ``john.doe@example.com``).

  Path to file on Ansible host that contains the private key used for TLS for

  XMPP service. The file will be copied to directory ``/etc/ssl/private/``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.

  List of domains that are served by this Prosody instance. Each item is a

  string specifying a domain.

**xmpp_ldap_server** (string, mandatory)

  Fully qualified domain name, hostname, or IP address of the LDAP server used

  for user authentication and listing.

**mail_user_uid** (integer, optional, ``whatever OS picks``)

  UID of the user that owns all the mail files.

**mail_user_gid** (integer, optional, ``whatever OS picks``)

  GID of the user that owns all the mail files.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for IMAP and ManageSieve services. The file will be copied to directory

  ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  IMAP and ManageSieve services. The file will be copied to directory

  ``/etc/ssl/private/``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.

  Path to file on Ansible host that contains the private key used for TLS for

  SMTP service. The file will be copied to directory ``/etc/ssl/private/``.

**imap_folder_separator** (string, optional, ``/``)

  Character used for separating the IMAP folders when clients are requesting

  listing from the server. Usually either slash(``/``) or dot(``.``).

**smtp_rbl** (list, optional, ``[]``)

  List of RBLs to use for detecting servers which send out spam. Each item is a

  string resembling the RBL domain.

  Mail address to use for the postmaster account in Dovecot.

**smtp_allow_relay_from** (list, optional, [])

  List of networks from which mail relaying is allowed even without

  authentication. Each item in the list is a string defining a network. The

  format must be compatible with Postfix ``mynetworks`` setting (for example:

* Installs and configures PHP FPM as a common base for PHP apps.

Parameters

~~~~~~~~~~

  Path to file on Ansible host that contains the private key used for TLS for

  HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.

**web_default_title** (string, optional, ``Welcome``)

  Title for the default web page shown to users (if no other vhosts were matched).

---

ldap_entries: []

# Internal value, base DN.

ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"

ldap_server_organization: "Private"

ldap_server_log_level: 256

ldap_server_ssf: 128

ldap_permissions:

  - >

    to *

    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage

    by dn="cn=admin,{{ ldap_server_int_basedn }}" manage

---

mail_ldap_tls_truststore: "/etc/ssl/certs/truststore.pem"

mail_user: vmail

imap_folder_separator: "/"

smtp_rbl: []

smtp_allow_relay_from: []

---

web_default_title: "Welcome"

web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."

---

xmpp_ldap_filter: '(mail=$user@$host)'

xmpp_ldap_scope: subtree