diff --git a/docs/usage.rst b/docs/usage.rst index cb1b89768ea7b5e34d4b05a01121b1f74f713624..f22ea95e051752b4555607a9c2303a9638685f34 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -766,20 +766,6 @@ role. userPassword: janedoe mail: jane.doe@example.com - # Now, let's add the two users to the mail group. Observe that we use - # the "state: append" option. This is a bit of a cheat since the - # ldap_entries option passes the provided entries directly to the - # m_ldap_entry module (this is a custom module, not to be confused with - # the official ldap_entry module). "state: append" will make sure we - # don't overwrite the group, and instead add the attributes to it (in - # this case we add the two users from above). - - dn: cn=mail,ou=groups,dc=example,dc=com - state: append - attributes: - uniqueMember: - - uid=johndoe,ou=people,dc=example,dc=com - - uid=janedoe,ou=people,dc=example,dc=com - # Let's register our domain in LDAP directory. - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com attributes: @@ -795,7 +781,14 @@ role. cn: postmaster@example.com rfc822MailMember: john.doe@example.com -5. Once again, before we apply the configuration, we must make sure the +5. Let's add the two users to the mail group (otherwise, the mail + server will ignore them). We'll use the ``ldap_attr`` module + directly to make our life a bit easier:: + + workon mysite && ansible --become -m ldap_attr -a "dn=cn=mail,ou=groups,dc=example,dc=com state=present name=uniqueMember value=uid=johndoe,ou=people,dc=example,dc=com" communications + workon mysite && ansible --become -m ldap_attr -a "dn=cn=mail,ou=groups,dc=example,dc=com state=present name=uniqueMember value=uid=janedoe,ou=people,dc=example,dc=com" communications + +6. Once again, before we apply the configuration, we must make sure the necessary TLS private keys and certificates are available. In this particular case, we need to set-up separate key/certificate pair for both the SMTP and IMAP service: 
@@ -833,11 +826,11 @@ role. certtool --sec-param normal --generate-privkey --outfile ~/mysite/tls/comms.example.com_imap.key certtool --generate-certificate --load-ca-privkey ~/mysite/tls/ca.key --load-ca-certificate ~/mysite/tls/ca.pem --template ~/mysite/tls/comms.example.com_imap.cfg --load-privkey ~/mysite/tls/comms.example.com_imap.key --outfile ~/mysite/tls/comms.example.com_imap.pem -6. Configuration and TLS keys have ben set-up, so it is time to apply the changes:: +7. Configuration and TLS keys have ben set-up, so it is time to apply the changes:: workon mysite && ansible-playbook playbooks/site.yml -7. If no errors have been reported, at this point you should have two mail +8. If no errors have been reported, at this point you should have two mail accounts - ``john.doe@example.com``, with password ``johndoe``, and ``jane.doe@example.com``, with password ``janedoe``. In this particular set-up, the mail addresses are used as usernames. If you want to test it out, 
@@ -1030,25 +1023,10 @@ role. Same warning applies here as for mail server role for managing the user/group entries! Scroll up and re-read it if you missed it! - :file:`~/mysite/group_vars/communications.yml` :: - # Don't replace the entire ldap_entries, just append the new group - # modification. - ldap_entries: - # Add the two users to the xmpp group. Observe that we use - # the "state: append" option. This is a bit of a cheat since the - # ldap_entries option passes the provided entries directly to the - # m_ldap_entry module (this is a custom module, not to be confused - # with the official ldap_entry module). "state: append" will make sure - # we don't overwrite the group, and instead add the attributes to it - # (in this case we add the two users). - - dn: cn=xmpp,ou=groups,dc=example,dc=com - state: append - attributes: - uniqueMember: - - uid=johndoe,ou=people,dc=example,dc=com - - uid=janedoe,ou=people,dc=example,dc=com + workon mysite && ansible --become -m ldap_attr -a "dn=cn=xmpp,ou=groups,dc=example,dc=com state=present name=uniqueMember value=uid=johndoe,ou=people,dc=example,dc=com" communications + workon mysite && ansible --become -m ldap_attr -a "dn=cn=xmpp,ou=groups,dc=example,dc=com state=present name=uniqueMember value=uid=janedoe,ou=people,dc=example,dc=com" communications 5. Do you know what comes next? Yes! Create some more TLS private keys and certificates, this time for our XMPP server ;)
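Review bot: Ordering problem in the hunk at `@@ -795,7 +781,14 @@`: the new step 5 runs the two `ldap_attr` commands before the step that applies the configuration with `ansible-playbook playbooks/site.yml` (now step 7), while the `johndoe` and `janedoe` entries they reference are defined in the `ldap_entries` block shown just above. If those entries, or the `cn=mail` group, only exist once the playbook has run, move this step after step 7 or state that the directory must already contain them. It is also worth a sentence saying that group membership is now set by an ad-hoc command and is no longer part of the configuration the playbook applies, so a reader knows it has to be repeated by hand.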
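Review bot: Typo carried over in the hunk at `@@ -833,11 +826,11 @@`: the renumbered step 7 still reads "have ben set-up". Since the line is being touched anyway, change it to "have been set up" in the same commit.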
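Review bot: Missing literal-block marker and lead-in in the hunk at `@@ -1030,25 +1023,10 @@`: the removed `:file:` line was the one ending in `::`, and the added `workon mysite && ansible ...` commands now follow the warning paragraph directly, so they will not render as a literal block and nothing tells the reader what they do. Add an introductory sentence ending in `::`, as the mail section's new step 5 does, for example "Add the two users to the xmpp group using the ``ldap_attr`` module::", followed by a blank line and the indented commands.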