diff --git a/docs/usage.rst b/docs/usage.rst index 1f0b7de679c065a6ea5ff234fca23bb84e77490a..ab181ef05532d199fd247ebc0f51116102a03010 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -655,9 +655,11 @@ one up first. This includes both the LDAP *server* and *client* configuration. - common - ldap_client -3. Time to configure the roles. For start, let us configure the LDAP server - role. Keep in mind that there is a lot of default variables set-up by the - role itself, making our config rather short. +3. Time to configure the roles. For start, let us configure the LDAP + server role. Keep in mind that there is a lot of default variables + set-up by the role itself, making our config rather short. The + ``ldap_server_domain`` parameter will be used to form the base DN + of the LDAP directory (resulting in ``dc=example,dc=com``). :file:`~/mysite/group_vars/communications.yml` :: @@ -665,15 +667,17 @@ one up first. This includes both the LDAP *server* and *client* configuration. --- ldap_admin_password: admin + + ldap_server_domain: example.com ldap_server_organization: "Example Inc." ldap_server_tls_certificate: "{{ lookup('file', '~/mysite/tls/comms.example.com_ldap.pem') }}" ldap_server_tls_key: "{{ lookup('file', '~/mysite/tls/comms.example.com_ldap.key') }}" 4. Phew. That was... Well, actually, easy :) Technically, only the - LDAP admin password and TLS certificate/key *must* be set, but it - is nice to have organisation explicitly specified as well (instead - of using whatever Debian picks as default). Let us add the LDAP - client configuration next. We will start off with global LDAP + LDAP admin password, domain, and TLS certificate/key *must* be set, + but it is nice to have organisation explicitly specified as well + (instead of using whatever Debian picks as default). Let us add the + LDAP client configuration next. We will start off with global LDAP client configuration. In case of the LDAP client role, we have got to be a bit more explicit.
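Review bot: Step 3 (hunk at -655) does not say that ``ldap_server_domain`` is required, although step 4 in the next hunk lists the domain among the values that *must* be set. State the requirement where the parameter is first introduced, for example "The mandatory ``ldap_server_domain`` parameter will be used to form the base DN". The three existing lines were also re-wrapped, so the hunk shows five changed lines for one added sentence; keeping the original wrapping and appending the new sentence would make the change easier to review. While this paragraph is being touched, "there is a lot of default variables" could become "there are a lot of default variables".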
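Review bot: Step 4 (hunk at -665) now lists the domain among the settings that *must* be set, but the sample file before this change had no ``ldap_server_domain`` line, so anyone who followed the earlier walkthrough has a ``group_vars/communications.yml`` without it. The documentation should say what happens in that case (an explicit failure or a fallback value) and the change should come with an upgrade note. Separately, the sample still carries ``ldap_admin_password: admin`` as context directly above the added line; readers copy this file as-is, so a sentence in step 4 telling them to replace that value with a strong, site-specific secret would fit alongside the new wording about mandatory settings.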