
Location: majic-ansible-roles/testsite/group_vars/ldap.yml

branko
MAR-5: Added handler for reloading systemd configuration to common role. Dropped installation of supervisor as part of web server role. Updated web server role to create directory for storing WSGI application sockets. Updated web server role to use correct directory for storing PHP website sockets.
---

# Local mail aliases, alias name -> space-separated list of recipients.
# Mail for root is kept in the local root mailbox and also sent to the
# external address; presumably rendered into the aliases map by the
# consuming role — verify.
local_mail_aliases:
  root: "root john.doe@example.com"

# Outbound SMTP relay and the CA chain presumably used to verify the relay's
# TLS certificate. The same chain file is referenced by the TLS_CACERT entry
# of ldap_client_config in this file, so both trust the same private CA.
smtp_relay_host: mail.example.com
smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem

# System-wide LDAP client settings, one item per ldap.conf directive
# (OPTION value); `comment` is emitted alongside each directive.
ldap_client_config:
  - comment: Set the base DN
    option: BASE
    value: dc=example,dc=com
  # ldapi:/// is the local Unix-socket transport, so client tools on the
  # server itself never go over the network.
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  # Default bind identity for client tools; the password is not stored here.
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,dc=example,dc=com
  # CA chain for verifying the LDAP server certificate on ldap:// / ldaps://
  # connections; matches smtp_relay_truststore above.
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/example_ca_chain.pem

# Parameters for the LDAP server (slapd) installed on this group.
ldap_server_config:
  # Directory suffix is presumably derived from the domain
  # (dc=example,dc=com, as used by ldap_client_config) — verify against the role.
  domain: "example.com"
  organization: "Example Inc."
  # slapd loglevel; 256 is "stats" in OpenLDAP (connections, operations and
  # results), enough for auditing without logging entry contents.
  log_level: 256
  # Server certificate and key are read from the inventory tree at deploy
  # time, not from a path on the target host.
  tls_certificate: "{{ inventory_dir }}/tls/ldap.example.com_ldap.pem"
  tls_key: "{{ inventory_dir }}/tls/ldap.example.com_ldap.key"
  # Minimum security strength factor; 128 presumably requires TLS with
  # 128-bit-class ciphers before binds/operations are accepted — confirm how
  # the role maps this (olcSecurity vs. olcLocalSSF for ldapi).
  ssf: 128

# Access control rules (olcAccess) for the database whose olcSuffix matches
# `filter`. Rules are evaluated in order: the first `to` clause matching the
# target decides access, unless its `by` list ends with `break`, which
# continues evaluation with the next rule.
# NOTE(review): `>` keeps one trailing newline in each rule value; switch to
# `>-` if the consuming task needs the value without it — confirm.
ldap_permissions:
  - filter: '(olcSuffix=dc=example,dc=com)'
    rules:
      # Local root over ldapi (SASL EXTERNAL peer credentials uid/gid 0) and
      # the admin DN get full `manage` rights; everyone else falls through
      # (`break`) to the rules below.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,dc=example,dc=com" manage
        by * break
      # Password attributes: an entry may change its own, anonymous clients
      # may only use them to authenticate (`auth`), and nobody else can read
      # them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # The root DSE (empty DN) is world-readable so clients can discover
      # naming contexts and supported features.
      - >
        to dn.base=""
        by * read
      # Everything else: an entry may rewrite its own attributes, the admin
      # may write, authenticated users may read, anonymous gets nothing.
      # NOTE(review): `by self write` on `to *` also covers attributes such as
      # `mail` and `uid`; confirm that users are meant to be able to change
      # those themselves.
      - >
        to *
        by self write
        by dn="cn=admin,dc=example,dc=com" write
        by users read
        by * none

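# Entries to create in the directory, presumably applied in list order (the
# misc schema must exist before the nisMailAlias entry at the end can be
# added) — confirm against the role.
ldap_entries:
  # Subset of OpenLDAP's misc.schema (mail routing attributes and classes)
  # loaded as a cn=config schema entry. The "{4}" ordering prefix assumes
  # four schemas ({0}-{3}) are already loaded; adjust if the server differs.
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    # Sequence indented like every other list in this file (was flush).
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"
  # Top-level organisational units: user accounts, groups, service accounts.
  - dn: ou=people,dc=example,dc=com
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,dc=example,dc=com
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: services
  # Test-fixture user accounts: userPassword equals the uid and is stored in
  # the clear in this file. Real inventories should keep password values out
  # of plain YAML (e.g. Ansible Vault) and use non-trivial secrets.
  - dn: uid=johndoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@example.com
  - dn: uid=janedoe,ou=people,dc=example,dc=com
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@example.com
  # Service bind accounts (simpleSecurityObject supplies userPassword) and the
  # matching groups listing which users may use each service — presumably
  # consumed by the xmpp/mail roles, verify. Same test-fixture caveat as above.
  - dn: cn=xmpp,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com
  - dn: cn=postfix,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,dc=example,dc=com
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,dc=example,dc=com
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,dc=example,dc=com
      - uid=janedoe,ou=people,dc=example,dc=com
  # Virtual mail tree: handled domains and aliases. The duplicate
  # ou=domains entry that used to follow ou=aliases has been dropped; each
  # DN now appears once.
  - dn: ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: organizationalUnit
    ou: aliases
  - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.com
  - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com
    objectClass: dNSDomain
    dc: example.org
  # Uses nisMailAlias/rfc822MailMember from the misc schema loaded above.
  - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com
    objectClass: nisMailAlias
    cn: postmaster@example.com
    rfc822MailMember: john.doe@example.com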