Changeset - e29b656fbf7a
[Not reviewed]
0 4 1
Branko Majic (branko) - 9 years ago 2015-09-26 18:19:29
branko@majic.rs
MAR-36: Added new option to ldap_server role for defining the LDAP administrator's password.
5 files changed with 28 insertions and 2 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -427,11 +427,16 @@ The role implements the following:
 
* Configures permissions.
 
* Creates LDAP entries.
 
* Configures firewall to allow incoming connections to the LDAP server.
 
* Sets the LDAP server administrator's password.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**ldap_admin_password** (string, mandatory)
 
  Password for the default administrator account of LDAP server (the
 
  ``cn=admin,DOMAIN`` entry/user).
 

	
 
**ldap_entries** (list, optional, ``[]``)
 
  List of entries that should be kept in the LDAP directory. Each item is a
 
  dictionary describing a single LDAP entry, with all of its attributes
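Review bot: The new ``ldap_admin_password`` entry should say that the value is the plaintext password and that the role writes it, briefly, to ``/root/.ldap_admin_password`` on the server while changing it (see the tasks in this changeset), so readers know to keep the variable out of plain group_vars in version control (for example in an Ansible Vault file). The bullet "Sets the LDAP server administrator's password." could also mention that the password is set on the ``cn=admin,DOMAIN`` entry named in the parameter description, which ties the two additions together.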
roles/ldap_server/handlers/main.yml
 
@@ -4,4 +4,4 @@
 
  service: name=rsyslog state=restarted
 

	
 
- name: Restart slapd
 
  service: name=slapd state=restarted
 
\ No newline at end of file
 
  service: name=slapd state=restarted
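Review bot: The only change in this hunk is the missing trailing newline after ``service: name=slapd state=restarted``; that is fine, but it is unrelated to MAR-36 and would be cleaner as its own whitespace-only commit so the handler file does not show up in the history of the password feature.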
roles/ldap_server/tasks/main.yml
 
@@ -82,4 +82,23 @@
 
- name: Deploy firewall configuration for LDAP
 
  copy: src="ferm_ldap.conf" dest="/etc/ferm/conf.d/10-ldap.conf" owner=root group=root mode=640
 
  notify:
 
    - Restart ferm
 
\ No newline at end of file
 
    - Restart ferm
 

	
 
- name: Deploy temporary file with LDAP admin password
 
  template: src="ldap_admin_password.j2" dest="/root/.ldap_admin_password"
 
            owner=root group=root mode=400
 
  changed_when: False
 

	
 
- name: Test if LDAP admin password needs to be changed
 
  command: ldapwhoami -D "cn=admin,{{ ldap_server_int_basedn }}" -x -y /root/.ldap_admin_password
 
  register: ldap_admin_password_check
 
  changed_when: ldap_admin_password_check.rc != 0
 
  failed_when: False
 

	
 
- name: Update LDAP admin password
 
  command: ldappasswd -Y EXTERNAL -H ldapi:/// "cn=admin,{{ ldap_server_int_basedn }}" -T /root/.ldap_admin_password
 
  when: ldap_admin_password_check.rc != 0
 

	
 
- name: Remove temporary file with LDAP admin password
 
  file: path="/root/.ldap_admin_password" state=absent
 
  changed_when: False
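Review bot: The temporary password file is only removed if every task between "Deploy temporary file with LDAP admin password" and "Remove temporary file with LDAP admin password" succeeds; if ``ldappasswd`` fails (slapd down, ldapi socket permissions, wrong base DN), the play aborts and ``/root/.ldap_admin_password`` stays on disk with the plaintext password. Either remove the file in a step that runs regardless of the outcome, or rerun the removal with ``ignore_errors`` on the update task and re-raise afterwards. Separately, ``failed_when: False`` on the ``ldapwhoami`` check masks every failure, so an unreachable server is treated as "password needs changing" rather than reported; the OpenLDAP tools exit with the LDAP result code, and invalid credentials is 49, so ``failed_when: ldap_admin_password_check.rc not in [0, 49]`` keeps the intended behaviour while surfacing real errors. Finally, ``-y`` and ``-T`` read the file contents verbatim, so a comment here that the template must not end in a newline would save the next editor from breaking the bind.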
roles/ldap_server/templates/ldap_admin_password.j2
 
new file 100644
 
{{ ldap_admin_password }}
 
\ No newline at end of file
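Review bot: The missing trailing newline in this template is load-bearing, not an oversight: ``ldapwhoami -y`` and ``ldappasswd -T`` take the whole file as the password, so a newline appended by an editor or a formatter would make the check fail and set a password with a trailing newline. Since a comment cannot go into the file itself, please document this next to the flags in ``tasks/main.yml``.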
testsite/group_vars/ldap.yml
 
@@ -23,6 +23,7 @@ ldap_client_config:
 
    option: TLS_REQCERT
 
    value: demand
 

	
 
ldap_admin_password: admin
 
ldap_server_domain: "{{ testsite_domain }}"
 
ldap_server_organization: "Example Inc."
 
ldap_server_log_level: 256
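Review bot: ``ldap_admin_password: admin`` is acceptable for the test site, but this file is the example operators will copy; a short comment that the value is test-only and that real deployments should keep it in an Ansible Vault file rather than plain group_vars would prevent the weak default from being carried over.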