Location: majic-ansible-roles/testsite/group_vars/ldap.yml
MAR-98: Updated testsite to include another WSGI hello world role that utilises wsgi_requirements in wsgi_website role, as well as pip-tools. Purposefully installs some outdated packages for testing the upgrade checks.
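---
# Group variables for the "ldap" hosts of the Ansible test site.
#
# Everything in this file is a throwaway fixture: passwords are deliberately
# trivial and the TLS material is read from the inventory's tls/ directory.
# Templated values are quoted uniformly (the original mixed quoted and bare
# Jinja expressions) so the YAML parser never has to guess the type of an
# expanded value.

# Local mail aliases; root's mail is also delivered to the test user's mailbox.
local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

# Outbound mail is relayed via the test site's mail host and the relay is
# verified against the test CA certificate stored in the inventory.
smtp_relay_host: "mail.{{ testsite_domain }}"
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"

# Options for the system-wide LDAP client configuration. The default URI is
# the local Unix socket (ldapi), which does not use TLS; TLS_CACERT and
# TLS_REQCERT only apply when a client connects over ldap:// or ldaps://.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  - comment: Set the default URI
    option: URI
    value: "ldapi:///"
  - comment: Set the default bind DN
    option: BINDDN
    value: "cn=admin,{{ testsite_ldap_base }}"
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem
  # "demand" makes the client require a valid, trusted server certificate
  # whenever TLS is used; it does not by itself force TLS on.
  - comment: Enforce TLS
    option: TLS_REQCERT
    value: demand

# Fixture password for the directory administrator, cn=admin,<base DN>.
ldap_admin_password: admin

# Service accounts that read the directory. The "bollocks" entry is present
# only to exercise removal of a previously created consumer.
ldap_server_consumers:
  - name: prosody
    password: prosody
  - name: postfix
    password: postfix
  - name: dovecot
    password: dovecot
  - name: bollocks
    password: "none"
    state: absent

ldap_server_domain: "{{ testsite_domain }}"

# Groups managed by the server role; "blimey" exercises group removal.
ldap_server_groups:
  - name: xmpp
  - name: mail
  - name: blimey
    state: absent

ldap_server_organization: "Example Inc."

# 256 is OpenLDAP's "stats" log level (connections, operations, results),
# assuming the role passes this straight through to the server log level.
ldap_server_log_level: 256

# Server certificate and key, read from the inventory's tls/ directory.
ldap_server_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.key') }}"

# Presumably the minimum security strength factor required for connections;
# verify the exact mapping in the ldap_server role.
ldap_server_ssf: 128

# Access rules. Each folded scalar becomes a single olcAccess-style line;
# OpenLDAP evaluates rules in order and stops at the first "to" clause that
# matches, unless that rule ends in "break".
ldap_permissions:
  # Local root over the ldapi socket (SASL EXTERNAL peer credentials) and the
  # admin DN get full control; everyone else falls through to later rules.
  - >-
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ testsite_ldap_base }}" manage
    by * break
  # Password attributes: owners may change them, anonymous may only use them
  # to authenticate, nobody else can read them.
  - >-
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  # The root DSE is world-readable so clients can discover server capabilities.
  - >-
    to dn.base=""
    by * read
  # Everything else: owners and admin may write, authenticated users may read.
  - >-
    to *
    by self write
    by dn="cn=admin,{{ testsite_ldap_base }}" write
    by users read
    by * none

# Directory content for the test site. The userPassword values are fixture
# credentials; whether the role hashes them before writing is not visible
# here — check the ldap_server role.
ldap_entries:
  - dn: "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: johndoe
      cn: John Doe
      sn: Doe
      userPassword: johndoe
      mail: "john.doe@{{ testsite_domain }}"
  - dn: "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: janedoe
      cn: Jane Doe
      sn: Doe
      userPassword: janedoe
      mail: "jane.doe@{{ testsite_domain }}"
  # "append" presumably adds the listed members to the group entries created
  # via ldap_server_groups rather than replacing them — verify against the role.
  - dn: "cn=mail,ou=groups,{{ testsite_ldap_base }}"
    state: append
    attributes:
      uniqueMember:
        - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
        - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
  - dn: "cn=xmpp,ou=groups,{{ testsite_ldap_base }}"
    state: append
    attributes:
      uniqueMember:
        - "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
        - "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
  # Mail domains served by the test site.
  - dn: "dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain_alternative }}"
  # Mail alias delivering postmaster@ to the test user.
  - dn: "cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: nisMailAlias
      cn: "postmaster@{{ testsite_domain }}"
      rfc822MailMember: "john.doe@{{ testsite_domain }}"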