@@ -82,4 +82,23 @@
- name: Deploy firewall configuration for LDAP
copy: src="ferm_ldap.conf" dest="/etc/ferm/conf.d/10-ldap.conf" owner=root group=root mode=640
notify:
- Restart ferm
\ No newline at end of file
- name: Deploy temporary file with LDAP admin password
template: src="ldap_admin_password.j2" dest="/root/.ldap_admin_password"
owner=root group=root mode=400
changed_when: False
- name: Test if LDAP admin password needs to be changed
command: ldapwhoami -D "cn=admin,{{ ldap_server_int_basedn }}" -x -y /root/.ldap_admin_password
register: ldap_admin_password_check
changed_when: ldap_admin_password_check.rc != 0
failed_when: False
- name: Update LDAP admin password
command: ldappasswd -Y EXTERNAL -H ldapi:/// "cn=admin,{{ ldap_server_int_basedn }}" -T /root/.ldap_admin_password
when: ldap_admin_password_check.rc != 0
- name: Remove temporary file with LDAP admin password
file: path="/root/.ldap_admin_password" state=absent
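Review bot: The cleartext admin password in `/root/.ldap_admin_password` is removed only by the last task, so if `Update LDAP admin password` or any task before the removal fails, the play stops for that host and the file stays on disk. Wrapping the three preceding tasks in a `block:` with the removal under `always:` guarantees cleanup, provided the Ansible version in use supports blocks. Adding `no_log: true` to the template task would also keep the rendered password out of `--diff` output. Separately, `failed_when: False` on the `ldapwhoami` check treats every non-zero exit (server unreachable, missing binary) as "password needs changing". If the exit status mirrors the LDAP result code, as the OpenLDAP client tools usually do, `changed_when: ldap_admin_password_check.rc == 49` with the same condition in the update task's `when:` would limit the reset to a real invalid-credentials result.

```yaml
- block:
    # … unchanged: deploy temporary password file (plus no_log: true) …
    # … unchanged: ldapwhoami check and ldappasswd update tasks …
  always:
    - name: Remove temporary file with LDAP admin password
      file: path="/root/.ldap_admin_password" state=absent
```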