---
# Mail settings for the test site.
#
# Alias map for local mail. The value for root names two recipients: the
# local "root" account and john.doe at the test-site domain (presumably both
# receive mail addressed to root; confirm against the consuming role).
local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

# Relay host for outgoing mail: mail.<testsite_domain>.
smtp_relay_host: "mail.{{ testsite_domain }}"

# PEM text of the CA certificate, read on the controller from
# <inventory_dir>/tls/ca.pem. Presumably the trust anchor used to validate
# the relay's TLS certificate; whoever can change that file decides which
# relay certificates are accepted, so keep it under review like code.
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
# LDAP client defaults, one item per option (comment / option / value).
# The option names match OpenLDAP ldap.conf keywords, so these presumably
# render into the system-wide client configuration; confirm in the role.
ldap_client_config:
  - comment: 'Set the base DN'
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # ldapi:/// is the local UNIX-socket transport; no network listener is
  # involved for default client connections.
  - comment: 'Set the default URI'
    option: URI
    value: 'ldapi:///'
  # NOTE(review): the default bind identity is the directory admin. Any
  # simple bind done with client defaults then runs as admin; acceptable on a
  # test site, but prefer a least-privileged DN elsewhere.
  - comment: 'Set the default bind DN'
    option: BINDDN
    value: "cn=admin,{{ testsite_ldap_base }}"
  - comment: 'Set the LDAP TLS truststore'
    option: TLS_CACERT
    value: '/etc/ssl/certs/ca.pem'
  # "demand" makes the client refuse a server whose certificate is missing
  # or does not validate against TLS_CACERT. Do not relax this to
  # allow/never to work around certificate problems.
  - comment: 'Enforce TLS'
    option: TLS_REQCERT
    value: demand
# Directory credentials for the TEST SITE ONLY.
#
# Every password below is a guessable fixture (admin/admin, and service
# passwords equal to the service name) stored in clear text in the inventory.
# They must never be reused outside a throw-away environment; for anything
# longer-lived, source these values from Ansible Vault or an external secret
# store rather than a committed vars file.
ldap_admin_password: 'admin'

# Service accounts that bind to the directory ("consumers").
ldap_server_consumers:
  - name: prosody
    password: 'prosody'
  - name: postfix
    password: 'postfix'
  - name: dovecot
    password: 'dovecot'
  # state: absent presumably asks the role to remove this account, which
  # exercises the clean-up path. The password is kept quoted so it stays the
  # literal string "none".
  - name: bollocks
    password: "none"
    state: absent
# LDAP server settings for the test site.
ldap_server_domain: "{{ testsite_domain }}"

# Groups to manage. "blimey" is marked absent, presumably to exercise group
# removal.
ldap_server_groups:
  - name: xmpp
  - name: mail
  - name: blimey
    state: absent

ldap_server_organization: 'Example Inc.'

# If this is passed to slapd unchanged, 256 is the "stats" log level
# (connections, operations, results). That gives an audit trail of binds and
# searches without logging packet contents.
ldap_server_log_level: 256

# Server certificate and private key, read as PEM text on the controller from
# <inventory_dir>/tls/ldap.<testsite_domain>_ldap.{pem,key}.
# NOTE(review): the private key sits unencrypted next to the inventory. For a
# non-test deployment keep it out of version control or encrypt it (for
# example with Ansible Vault), and restrict read access on the controller.
ldap_server_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', inventory_dir + '/tls/ldap.' + testsite_domain + '_ldap.key') }}"

# Presumably the minimum security strength factor (SSF) the server requires
# from a connection; confirm in the role. Lowering it would allow weaker or
# unencrypted sessions.
ldap_server_ssf: 128
# Access-control rules for the directory, in OpenLDAP ACL syntax.
#
# Order is significant: slapd applies the first rule whose "to" clause matches
# the target, and within a rule the first matching "by" clause. Do not reorder
# or append rules without re-checking what falls through to the final rule.
# The "by" clauses are kept at the same indent as "to", so ">-" folds each
# rule into a single line.
ldap_permissions:
  # Rule 1: full "manage" rights on everything for (a) local root connecting
  # over the ldapi socket with SASL EXTERNAL (uid 0 / gid 0 peer credentials)
  # and (b) the admin DN. "by * break" stops this rule for everyone else and
  # lets evaluation continue with the rules below.
  - >-
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ testsite_ldap_base }}" manage
    by * break
  # Rule 2: password attributes. Owners may change their own; anonymous
  # clients may only use them to authenticate (bind); nobody else, including
  # other authenticated users, can read or compare them.
  - >-
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  # Rule 3: the root DSE (empty base DN) is world-readable so clients can
  # discover server capabilities.
  - >-
    to dn.base=""
    by * read
  # Rule 4: everything else. Authenticated users can read, anonymous clients
  # get nothing.
  # NOTE(review): "by self write" covers every attribute of the user's own
  # entry, not just the password. If any service treats attributes such as
  # mail as authoritative, consider limiting self-write to an explicit
  # attribute list.
  - >-
    to *
    by self write
    by dn="cn=admin,{{ testsite_ldap_base }}" write
    by users read
    by * none
# Directory entries to create for the test site: two people, two mail
# domains and one mail alias.
ldap_entries:
  # Test users. userPassword is a fixture equal to the uid and is given here
  # in clear text.
  # NOTE(review): nothing in this file shows the value being hashed before it
  # is stored; verify how the role or server handles it, and never carry
  # these accounts into a real directory.
  - dn: "uid=johndoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: johndoe
      cn: 'John Doe'
      sn: Doe
      userPassword: 'johndoe'
      mail: "john.doe@{{ testsite_domain }}"
  - dn: "uid=janedoe,ou=people,{{ testsite_ldap_base }}"
    attributes:
      objectClass:
        - inetOrgPerson
      uid: janedoe
      cn: 'Jane Doe'
      sn: Doe
      userPassword: 'janedoe'
      mail: "jane.doe@{{ testsite_domain }}"

  # Mail domains registered under ou=domains,ou=mail,ou=services.
  - dn: "dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain }}"
  - dn: "dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: dNSDomain
      dc: "{{ testsite_domain_alternative }}"

  # Mail alias: postmaster@<testsite_domain> has john.doe as its member.
  - dn: "cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}"
    attributes:
      objectClass: nisMailAlias
      cn: "postmaster@{{ testsite_domain }}"
      rfc822MailMember: "john.doe@{{ testsite_domain }}"