Files @ 298c0dbe1698
Branch filter:

Location: majic-ansible-roles/roles/ldap_server/tasks/main.yml

298c0dbe1698 2.3 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-4: Updated documentation for the mail server role, adding information about rsync installation, set-up of chroot for Postfix, and the smtp_allow_relay_from option. Updated mail_server role implementation, fixing rsync command for deploying the truststore to preserve truststore permissions and adding support for specifying networks from which unauthenticated relaying should be allowed.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
---

- name: Set domain for slapd
  debconf: name=slapd question=slapd/domain vtype=string value="{{ ldap_server_config.domain }}"

- name: Set organisation for slapd
  debconf: name=slapd question=slapd/organization vtype=string value="{{ ldap_server_config.organization }}"

- name: Install slapd
  apt: name=slapd state=installed

- name: Install Python LDAP bindings
  apt: name=python-ldap state=installed

- name: Enable slapd service
  service: name=slapd enabled=yes state=started

- name: Deploy system logger configuration file for slapd
  copy: src=slapd_rsyslog.conf dest=/etc/rsyslog.d/slapd.conf owner=root group=root mode=0644
  notify:
    - Restart rsyslog

- name: Deploy configuration file for log rotation of slapd logs
  copy: src=slapd_logrotate dest=/etc/logrotate.d/slapd owner=root group=root mode=0644

- name: Change log level for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_config.log_level }}"

- name: Check if TLS private key is available
  stat: path="{{ ldap_server_config.tls_key }}"
  register: tls_key

- name: Check if TLS certificate is available
  stat: path="{{ ldap_server_config.tls_key }}"
  register: tls_certificate

- name: Configure TLS for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="{{ ldap_server_config.tls_certificate }}" olcTLSCertificateKeyFile="{{ ldap_server_config.tls_key }}"
  when: tls_key.stat.exists and tls_certificate.stat.exists
  notify:
    - Restart slapd

- name: Configure SSF
  ldap_entry: dn=cn=config state=replaceattributes olcSecurity=ssf="{{ ldap_server_config.ssf }}" olcLocalSSF="{{ ldap_server_config.ssf }}"

- name: Enable the memberof module
  ldap_entry: dn="cn=module{0},cn=config" state=addattributes olcModuleLoad="{1}memberof"

- name: Enable the memberof overlay for database
  ldap_entry:
    dn: "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config"
    objectClass:
      - olcConfig
      - olcMemberOf
      - olcOverlayConfig
    olcOverlay: memberof
    olcMemberOfRefInt: "TRUE"
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember

- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  with_items: ldap_permissions

- name: Create LDAP entries
  ldap_entry: ""
  args: "{{ item }}"
  with_items: ldap_entries
This site is powered by Kallithea 0.7.0, which is © 2010–2023 by various authors & licensed under GPLv3.