|
new file 100644
|
|
|
---
|
|
|
|
|
|
# ldap_server role
|
|
|
ldap_admin_password: admin
|
|
|
ldap_entries:
|
|
|
|
|
|
# Users
|
|
|
- dn: uid=john,ou=people,dc=local
|
|
|
attributes:
|
|
|
objectClass:
|
|
|
- inetOrgPerson
|
|
|
- simpleSecurityObject
|
|
|
userPassword: johnpassword
|
|
|
uid: john
|
|
|
cn: John Doe
|
|
|
sn: Doe
|
|
|
mail: john.doe@domain1
|
|
|
- dn: uid=jane,ou=people,dc=local
|
|
|
attributes:
|
|
|
objectClass:
|
|
|
- inetOrgPerson
|
|
|
- simpleSecurityObject
|
|
|
userPassword: janepassword
|
|
|
uid: jane
|
|
|
cn: Jane Doe
|
|
|
sn: Doe
|
|
|
mail: jane.doe@domain2
|
|
|
|
|
|
- dn: uid=nomail,ou=people,dc=local
|
|
|
attributes:
|
|
|
objectClass:
|
|
|
- inetOrgPerson
|
|
|
- simpleSecurityObject
|
|
|
userPassword: nomailpassword
|
|
|
uid: nomail
|
|
|
cn: No Mail
|
|
|
sn: Mail
|
|
|
mail: nomail@domain1
|
|
|
|
|
|
# Groups
|
|
|
- dn: "cn=mail,ou=groups,dc=local"
|
|
|
state: append
|
|
|
attributes:
|
|
|
uniqueMember:
|
|
|
- uid=john,ou=people,dc=local
|
|
|
- uid=jane,ou=people,dc=local
|
|
|
|
|
|
# Domains
|
|
|
- dn: dc=domain1,ou=domains,ou=mail,ou=services,dc=local
|
|
|
attributes:
|
|
|
objectClass: dNSDomain
|
|
|
dc: domain1
|
|
|
|
|
|
- dn: dc=domain2,ou=domains,ou=mail,ou=services,dc=local
|
|
|
attributes:
|
|
|
objectClass: dNSDomain
|
|
|
dc: domain2
|
|
|
|
|
|
# Aliases
|
|
|
- dn: cn=postmaster@domain1,ou=aliases,ou=mail,ou=services,dc=local
|
|
|
attributes:
|
|
|
objectClass: nisMailAlias
|
|
|
cn: postmaster@domain1
|
|
|
rfc822MailMember: john.doe@domain1
|
|
|
|
|
|
- dn: cn=webmaster@domain2,ou=aliases,ou=mail,ou=services,dc=local
|
|
|
attributes:
|
|
|
objectClass: nisMailAlias
|
|
|
cn: webmaster@domain2
|
|
|
rfc822MailMember: jane.doe@domain2
|
|
|
|
|
|
ldap_server_consumers:
|
|
|
- name: postfix
|
|
|
password: postfixpassword
|
|
|
- name: dovecot
|
|
|
password: dovecotpassword
|
|
|
state: present
|
|
|
|
|
|
ldap_server_domain: "local"
|
|
|
ldap_server_groups:
|
|
|
- name: mail
|
|
|
ldap_server_organization: "Example"
|
|
|
ldap_server_tls_certificate: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.cert.pem') }}"
|
|
|
ldap_server_tls_key: "{{ lookup('file', 'tests/data/x509/ldap-server_ldap.key.pem') }}"
|
|
|
|
|
|
# common
|
|
|
ca_certificates:
|
|
|
testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"
|
|
|
|
|
|
# ldap_client
|
|
|
ldap_client_config:
|
|
|
- comment: CA truststore
|
|
|
option: TLS_CACERT
|
|
|
value: /etc/ssl/certs/testca.cert.pem
|
|
|
- comment: Ensure TLS is enforced
|
|
|
option: TLS_REQCERT
|
|
|
value: demand
|
|
|
- comment: Base DN
|
|
|
option: BASE
|
|
|
value: dc=local
|
|
|
- comment: URI
|
|
|
option: URI
|
|
|
value: ldapi:///
|
|
|
|
|
|
# backup_server role
|
|
|
backup_host_ssh_private_keys:
|
|
|
dsa: "{{ lookup('file', 'tests/data/ssh/server_dsa') }}"
|
|
|
rsa: "{{ lookup('file', 'tests/data/ssh/server_rsa') }}"
|
|
|
ed25519: "{{ lookup('file', 'tests/data/ssh/server_ed25519') }}"
|
|
|
ecdsa: "{{ lookup('file', 'tests/data/ssh/server_ecdsa') }}"
|
|
|
backup_clients:
|
|
|
- server: parameters-optional-j64
|
|
|
ip: 10.31.127.31
|
|
|
public_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
|
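Review bot: The `comment: Ensure TLS is enforced` entry under `ldap_client_config` overstates what `TLS_REQCERT demand` does: that option only sets how strictly the server certificate is checked once a TLS session exists, and the `URI` configured right after it is `ldapi:///`, a local socket where TLS is normally not negotiated at all. I would reword it to `comment: Require a valid server certificate for TLS sessions` so nobody reads this as proof that client traffic is encrypted. Separately, `ldap_admin_password`, the `userPassword` attributes and the consumer passwords are literal plaintext values, and the key lookups point at `tests/data/`, so these look like fixtures (the file path is not visible here); a header comment such as `# Test fixtures only - never reuse these credentials or keys outside the test environment` would make that explicit. The `dsa` entry under `backup_host_ssh_private_keys` also deserves a comment saying it is kept only for compatibility testing, since recent OpenSSH releases disable DSA keys by default.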