Files @ 467a66f3ec65
Branch filter:

Location: majic-ansible-roles/roles/ldap_server/tasks/main.yml

467a66f3ec65 3.0 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-5: Added handler for reloading systemd configuration to common role. Dropped installation of supervisor as part of web server role. Updted web server role to create directory for storing WSGI application sockets. Updated web server role to use correct directory for storing PHP website sockets.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
---

- name: Set domain for slapd
  debconf: name=slapd question=slapd/domain vtype=string value="{{ ldap_server_config.domain }}"

- name: Set organisation for slapd
  debconf: name=slapd question=slapd/organization vtype=string value="{{ ldap_server_config.organization }}"

- name: Install slapd
  apt: name=slapd state=installed

- name: Allow OpenLDAP user to traverse the directory with TLS private keys
  user: name=openldap append=yes groups=ssl-cert
  register: openldap_in_ssl_cert

- name: Restart slapd if group membership has changed
  service: name=slapd state=restarted
  when: openldap_in_ssl_cert.changed

- name: Install Python LDAP bindings
  apt: name=python-ldap state=installed

- name: Enable slapd service
  service: name=slapd enabled=yes state=started

- name: Deploy system logger configuration file for slapd
  copy: src=slapd_rsyslog.conf dest=/etc/rsyslog.d/slapd.conf owner=root group=root mode=0644
  notify:
    - Restart rsyslog

- name: Deploy configuration file for log rotation of slapd logs
  copy: src=slapd_logrotate dest=/etc/logrotate.d/slapd owner=root group=root mode=0644

- name: Change log level for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_config.log_level }}"

- name: Deploy LDAP TLS private key
  copy: dest="/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}" src="{{ ldap_server_config.tls_key }}"
        mode=640 owner=root group=openldap
  notify:
    - Restart slapd

- name: Deploy LDAP TLS certificate
  copy: dest="/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}" src="{{ ldap_server_config.tls_certificate }}"
        mode=644 owner=root group=root
  notify:
    - Restart slapd

- name: Configure TLS for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="/etc/ssl/certs/{{ ldap_server_config.tls_certificate | basename }}" olcTLSCertificateKeyFile="/etc/ssl/private/{{ ldap_server_config.tls_key | basename }}"
  notify:
    - Restart slapd

- name: Configure SSF
  ldap_entry: dn=cn=config state=replaceattributes olcSecurity=ssf="{{ ldap_server_config.ssf }}" olcLocalSSF="{{ ldap_server_config.ssf }}"

- name: Enable the memberof module
  ldap_entry: dn="cn=module{0},cn=config" state=addattributes olcModuleLoad="{1}memberof"

- name: Enable the memberof overlay for database
  ldap_entry:
    dn: "olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config"
    objectClass:
      - olcConfig
      - olcMemberOf
      - olcOverlayConfig
    olcOverlay: memberof
    olcMemberOfRefInt: "TRUE"
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember

- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  with_items: ldap_permissions

- name: Create LDAP entries
  ldap_entry: ""
  args: "{{ item }}"
  with_items: ldap_entries

- name: Deploy firewall configuration for LDAP
  copy: src="ferm_ldap.conf" dest="/etc/ferm/conf.d/10-ldap.conf" owner=root group=root mode=640
  notify:
    - Restart ferm
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.