diff --git a/testsite/group_vars/ldap.yml b/testsite/group_vars/ldap.yml index 861e5e5a3584b735e27fb912133fc8336c2eb3be..591cbeb732a8a83057720db217fd1cc75456a778 100644 --- a/testsite/group_vars/ldap.yml +++ b/testsite/group_vars/ldap.yml @@ -1,40 +1,40 @@ --- local_mail_aliases: - root: "root john.doe@example.com" + root: "root john.doe@{{ testsite_domain }}" -smtp_relay_host: mail.example.com +smtp_relay_host: mail.{{ testsite_domain }} smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem ldap_client_config: - comment: Set the base DN option: BASE - value: dc=example,dc=com + value: "{{ testsite_ldap_base }}" - comment: Set the default URI option: URI value: ldapi:/// - comment: Set the default bind DN option: BINDDN - value: cn=admin,dc=example,dc=com + value: cn=admin,{{ testsite_ldap_base }} - comment: Set the LDAP TLS truststore option: TLS_CACERT value: /etc/ssl/certs/example_ca_chain.pem ldap_server_config: - domain: "example.com" + domain: "{{ testsite_domain }}" organization: "Example Inc." log_level: 256 - tls_certificate: "{{ inventory_dir }}/tls/ldap.example.com_ldap.pem" - tls_key: "{{ inventory_dir }}/tls/ldap.example.com_ldap.key" + tls_certificate: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.pem" + tls_key: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.key" ssf: 128 ldap_permissions: - - filter: '(olcSuffix=dc=example,dc=com)' + - filter: '(olcSuffix={{ testsite_ldap_base }})' rules: - > to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage - by dn="cn=admin,dc=example,dc=com" manage + by dn="cn=admin,{{ testsite_ldap_base }}" manage by * break - > to attrs=userPassword,shadowLastChange @@ -47,7 +47,7 @@ ldap_permissions: - > to * by self write - by dn="cn=admin,dc=example,dc=com" write + by dn="cn=admin,{{ testsite_ldap_base }}" write by users read by * none 
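Review bot: `testsite_domain` and `testsite_ldap_base` are now two independent inputs, but `ldap_server_config.domain` follows the first while the ACL `filter: '(olcSuffix={{ testsite_ldap_base }})'` and the `cn=admin,{{ testsite_ldap_base }}` DNs (here and in the `@@ -47,7 +47,7 @@` hunk) follow the second. If the server role derives its suffix from `domain`, which this diff does not show, a mismatch between the two would leave the filter matching no database and the `userPassword` rules unapplied. Where the variables are defined, deriving one from the other would remove that risk, e.g. `testsite_ldap_base: "dc={{ testsite_domain.split('.') | join(',dc=') }}"`, or a comment there could state that they must agree. The `tls_certificate`/`tls_key` paths also change with the domain while `example_ca_chain.pem` stays fixed, so a non-default domain needs matching files under `tls/`.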
@@ -63,80 +63,80 @@ ldap_entries: olcObjectClasses: - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )" - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )" - - dn: ou=people,dc=example,dc=com + - dn: ou=people,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: people - - dn: ou=groups,dc=example,dc=com + - dn: ou=groups,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: groups - - dn: ou=services,dc=example,dc=com + - dn: ou=services,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: services - - dn: uid=johndoe,ou=people,dc=example,dc=com + - dn: uid=johndoe,ou=people,{{ testsite_ldap_base }} objectClass: - inetOrgPerson uid: johndoe cn: John Doe sn: Doe userPassword: johndoe - mail: john.doe@example.com - - dn: uid=janedoe,ou=people,dc=example,dc=com + mail: john.doe@{{ testsite_domain }} + - dn: uid=janedoe,ou=people,{{ testsite_ldap_base }} objectClass: - inetOrgPerson uid: janedoe cn: Jane Doe sn: Doe userPassword: janedoe - mail: jane.doe@example.com - - dn: cn=xmpp,ou=services,dc=example,dc=com + mail: jane.doe@{{ testsite_domain }} + - dn: cn=xmpp,ou=services,{{ testsite_ldap_base }} objectClass: - applicationProcess - simpleSecurityObject cn: xmpp userPassword: xmpp - - dn: cn=xmpp,ou=groups,dc=example,dc=com + - dn: cn=xmpp,ou=groups,{{ testsite_ldap_base }} objectClass: groupOfUniqueNames cn: xmpp uniqueMember: - - uid=johndoe,ou=people,dc=example,dc=com - - uid=janedoe,ou=people,dc=example,dc=com - - dn: cn=postfix,ou=services,dc=example,dc=com + - uid=johndoe,ou=people,{{ testsite_ldap_base }} + - uid=janedoe,ou=people,{{ testsite_ldap_base }} + - dn: cn=postfix,ou=services,{{ testsite_ldap_base }} objectClass: - applicationProcess - simpleSecurityObject cn: postfix userPassword: postfix - - dn: 
cn=dovecot,ou=services,dc=example,dc=com + - dn: cn=dovecot,ou=services,{{ testsite_ldap_base }} objectClass: - applicationProcess - simpleSecurityObject cn: dovecot userPassword: dovecot - - dn: cn=mail,ou=groups,dc=example,dc=com + - dn: cn=mail,ou=groups,{{ testsite_ldap_base }} objectClass: groupOfUniqueNames cn: mail uniqueMember: - - uid=johndoe,ou=people,dc=example,dc=com - - uid=janedoe,ou=people,dc=example,dc=com - - dn: ou=mail,ou=services,dc=example,dc=com + - uid=johndoe,ou=people,{{ testsite_ldap_base }} + - uid=janedoe,ou=people,{{ testsite_ldap_base }} + - dn: ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: mail - - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com + - dn: ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: domains - - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com + - dn: ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: aliases - - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com + - dn: ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: organizationalUnit ou: domains - - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com + - dn: dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: dNSDomain - dc: example.com - - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com + dc: "{{ testsite_domain }}" + - dn: dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: dNSDomain - dc: example.org - - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com + dc: "{{ testsite_domain_alternative }}" + - dn: cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }} objectClass: nisMailAlias - cn: postmaster@example.com - rfc822MailMember: john.doe@example.com + cn: postmaster@{{ testsite_domain }} + rfc822MailMember: 
john.doe@{{ testsite_domain }}
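Review bot: The fixture accounts in this hunk keep `userPassword` values equal to their `uid`/`cn` (`johndoe`, `janedoe`, `xmpp`, `postfix`, `dovecot`), written in the file in cleartext, and with the domain and base DN now variable the file can be pointed at a non-example domain with those credentials unchanged. A comment above `ldap_entries` such as `# Test-only accounts with throwaway passwords; replace before using a real domain.` would make that explicit. The entry `ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}` is also listed twice on the new side; the second copy looks redundant and could be dropped. The `ldap_entries` list starts above the hunk.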