Location: majic-ansible-roles/testsite/group_vars/ldap.yml
MAR-4: Added LDAP sub-tree for storing mail server information (domains and aliases) in test site.
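---
# Test-site variables for the "ldap" inventory group: LDAP client defaults,
# server settings, access rules and the directory content seeded into the
# test directory (people, groups, service accounts and the mail sub-tree).

# Client options, one entry per rendered configuration line.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: dc=example,dc=com
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,dc=example,dc=com
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/truststore.pem

ldap_server_config:
  domain: "example.com"
  organization: "Example Inc."
  log_level: 256
  tls_certificate: /etc/ssl/certs/ldap.example.com.pem
  tls_key: /etc/ssl/private/ldap.example.com.pem
  # Security strength factor required from connections; presumably applied
  # through the OpenLDAP security setting by the role - see the role for how.
  ssf: 128

# Access rules for the dc=example,dc=com database. OpenLDAP evaluates rules in
# order: the first "to" clause matching an entry decides access, except where
# "by * break" hands evaluation on to the following rules.
ldap_permissions:
  - filter: '(olcSuffix=dc=example,dc=com)'
    rules:
      # Local root (SASL EXTERNAL over ldapi) and the admin DN get full
      # control; every other identity falls through to the rules below.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,dc=example,dc=com" manage
        by * break
      # Password attributes: the owner may change them, anonymous clients may
      # only authenticate against them, nobody else may read them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # The root DSE is readable by everyone.
      - >
        to dn.base=""
        by * read
      # Everything else: owner and admin write, authenticated users read.
      - >
        to *
        by self write
        by dn="cn=admin,dc=example,dc=com" write
        by users read
        by * none

# Entries created in the test directory. Service and user passwords below are
# test fixtures and deliberately equal the account name.
ldap_entries:
  # Top-level organisational units.
  - dn: ou=people,dc=example,dc=com
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,dc=example,dc=com
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: services

  # Test users.
  - dn: uid=johndoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@example.com
  - dn: uid=janedoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@example.com

  # XMPP service account and the group of users allowed to use it.
  - dn: cn=xmpp,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com

  # Mail service accounts and the group of mail users.
  - dn: cn=postfix,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com

  # Mail server sub-tree: hosted domains and aliases. Each DN appears exactly
  # once so the entries can be applied in order without a duplicate-entry
  # conflict.
  - dn: ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: aliases
  - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.com
  - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.org
  - dn: cn=postfix@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: nisMailAlias
    cn: postfix@example.com
    rfc822MailMember: john.doe@example.com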