Changeset - f7fe8adec8d3
Branko Majic (branko) - 10 years ago 2015-03-08 11:22:38
branko@majic.rs
MAR-1: Updated documentation about memberof overlay. Updated configuration of the memberof overlay.
2 files changed with 8 insertions and 0 deletions:
docs/rolereference.rst
 
@@ -345,12 +345,17 @@ destination machine.
 
The role implements the following:
 

	
 
* Installs OpenLDAP server (package ``slapd``).
 
* Configures OpenLDAP server (base DN - domain, organisation, TLS, SSF, log levels).
 
* Sets-up separate log file for OpenLDAP server at ``/var/log/slapd.log`` (with
 
  log rotation included).
 
* Enables the ``memberof`` overlay on top of default database. The overlay is
 
  configured to keep track of membership changes for object class
 
  ``groupOfUniqueNames`` via attribute ``uniqueMember``. Enforcement of
 
  referential integrity is turned on as well (modifications of ``memberof``
 
  attribute will update corresponding group as well.
 
* Configures permissions.
 
* Creates LDAP entries.
 

	
 

	
 
Parameters
 
~~~~~~~~~~
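
Review bot: the parenthesis opened at "(modifications of ``memberof``" in the ``memberof`` bullet is never closed, so the sentence should end "will update corresponding group as well)." While editing that bullet, spell out the security consequence of the referential integrity setting: a write to the ``memberof`` attribute of an entry changes the membership of the corresponding group, so write access to that attribute amounts to write access to group membership. The "Configures permissions" bullet that follows would be a natural place to point this out.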
roles/ldap_server/tasks/main.yml
 
@@ -51,12 +51,15 @@
 
    dn: "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config"
 
    objectClass:
 
      - olcConfig
 
      - olcMemberOf
 
      - olcOverlayConfig
 
    olcOverlay: memberof
 
    olcMemberOfRefInt: "TRUE"
 
    olcMemberOfGroupOC: groupOfUniqueNames
 
    olcMemberOfMemberAD: uniqueMember
 

	
 
- name: Apply database permissions
 
  ldap_permissions:
 
    filter: "{{ item.filter }}"
 
    rules: "{{ item.rules }}"
 
  with_items: ldap_permissions
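
Review bot: with olcMemberOfRefInt: "TRUE" on the overlay entry, a modification of the memberof attribute on an entry is propagated to the matching groupOfUniqueNames, so the rules passed to the "Apply database permissions" task need to keep write access on that attribute away from ordinary entries; nothing in this hunk shows that the ldap_permissions items cover it, and a short comment above the overlay entry stating the requirement would help. Separately, the dn hard-codes olcDatabase={1}hdb, so the overlay is only added when the default database is index 1 with the hdb backend; consider deriving that part of the dn from a variable or noting the assumption in a comment.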