Changeset - f7fe8adec8d3
Branko Majic (branko) - 10 years ago 2015-03-08 11:22:38
branko@majic.rs
MAR-1: Updated documentation about memberof overlay. Updated configuration of the memberof overlay.
2 files changed with 8 insertions and 0 deletions:
0 comments (0 inline, 0 general)
docs/rolereference.rst
 
@@ -339,24 +339,29 @@ Here is an example configuration for setting some common LDAP client options:
 
LDAP Server
 
-----------
 

	
 
The ``ldap_server`` role can be used for setting-up an OpenLDAP server on
 
destination machine.
 

	
 
The role implements the following:
 

	
 
* Installs OpenLDAP server (package ``slapd``).
 
* Configures OpenLDAP server (base DN - domain, organisation, TLS, SSF, log levels).
 
* Sets-up separate log file for OpenLDAP server at ``/var/log/slapd.log`` (with
 
  log rotation included).
 
* Enables the ``memberof`` overlay on top of default database. The overlay is
 
  configured to keep track of membership changes for object class
 
  ``groupOfUniqueNames`` via attribute ``uniqueMember``. Enforcement of
 
  referential integrity is turned on as well (modifications of ``memberof``
 
  attribute will update corresponding group as well.
 
* Configures permissions.
 
* Creates LDAP entries.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**ldap_server_config** (list, mandatory)
 
  A dictionary of configuration options for OpenLDAP server. The following
 
  configuration options are available:
 

	
 
  **domain** (string, mandatory)
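Review bot: the added ``memberof`` bullet has an unbalanced parenthesis: "(modifications of ``memberof`` attribute will update corresponding group as well." never closes, so the sentence should end with "as well)." It would also help readers to state here that the overlay only records membership for changes made after it is enabled, so entries that were already members of a ``groupOfUniqueNames`` before the role runs will not carry the attribute until their membership is re-applied. Minor style points in the same hunk: "Sets-up" and "setting-up" should be "Sets up" and "setting up", and the ``ldap_server_config`` parameter is declared as "(list, mandatory)" while the text describes it as "A dictionary", so one of the two should be corrected.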
roles/ldap_server/tasks/main.yml
 
@@ -45,23 +45,26 @@
 

	
 
- name: Enable the memberof module
 
  ldap_entry: dn="cn=module{0},cn=config" state=addattributes olcModuleLoad="{1}memberof"
 

	
 
- name: Enable the memberof overlay for database
 
  ldap_entry:
 
    dn: "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config"
 
    objectClass:
 
      - olcConfig
 
      - olcMemberOf
 
      - olcOverlayConfig
 
    olcOverlay: memberof
 
    olcMemberOfRefInt: "TRUE"
 
    olcMemberOfGroupOC: groupOfUniqueNames
 
    olcMemberOfMemberAD: uniqueMember
 

	
 
- name: Apply database permissions
 
  ldap_permissions:
 
    filter: "{{ item.filter }}"
 
    rules: "{{ item.rules }}"
 
  with_items: ldap_permissions
 

	
 
- name: Create LDAP entries
 
  ldap_entry: ""
 
  args: "{{ item }}"
 
  with_items: ldap_entries
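Review bot: the overlay DN is hardcoded as ``olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config``, so the task silently depends on the database backend being ``hdb`` at index ``{1}`` and on no other overlay already occupying ``{0}``; if either assumption changes the task fails or attaches to the wrong database. Consider deriving the database DN from a role variable (the same one the base-DN configuration uses) rather than a literal, and document the assumption in the task name. Ordering is correct as written: the ``olcModuleLoad`` task that loads ``memberof`` runs before the overlay entry is created, which is required. Quoting ``olcMemberOfRefInt: "TRUE"`` is also right, since an unquoted ``TRUE`` would be coerced to a YAML boolean and may not reach slapd as the literal string it expects. Note that ``ldap_entry`` here does not set ``state`` explicitly as the module task above does; stating it makes the intended idempotent behaviour obvious to the next reader.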