Files @ 6b57aabf9556
Branch filter:

Location: majic-ansible-roles/roles/ldap_server/tasks/main.yml

6b57aabf9556 1.9 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-1: Fixed the handling of state addattributes in ldap_entry module to be more optimal (which also fixes some issues with cn=config additions related to inability to remove some attribute values).
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
---

- name: Set domain for slapd
  debconf: name=slapd question=slapd/domain vtype=string value="{{ ldap_server_config.domain }}"

- name: Set organisation for slapd
  debconf: name=slapd question=slapd/organization vtype=string value="{{ ldap_server_config.organization }}"

- name: Install slapd
  apt: name=slapd state=installed

- name: Install Python LDAP bindings
  apt: name=python-ldap state=installed

- name: Enable slapd service
  service: name=slapd enabled=yes state=started

- name: Deploy system logger configuration file for slapd
  copy: src=slapd_rsyslog.conf dest=/etc/rsyslog.d/slapd.conf owner=root group=root mode=0644
  notify:
    - Restart rsyslog

- name: Deploy configuration file for log rotation of slapd logs
  copy: src=slapd_logrotate dest=/etc/logrotate.d/slapd owner=root group=root mode=0644

- name: Change log level for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcLogLevel="{{ ldap_server_config.log_level }}"

- name: Check if TLS private key is available
  stat: path="{{ ldap_server_config.tls_key }}"
  register: tls_key

- name: Check if TLS certificate is available
  stat: path="{{ ldap_server_config.tls_key }}"
  register: tls_certificate

- name: Configure TLS for slapd
  ldap_entry: dn=cn=config state=replaceattributes olcTLSCertificateFile="{{ ldap_server_config.tls_certificate }}" olcTLSCertificateKeyFile="{{ ldap_server_config.tls_key }}"
  when: tls_key.stat.exists and tls_certificate.stat.exists
  notify:
    - Restart slapd

- name: Configure SSF
  ldap_entry: dn=cn=config state=replaceattributes olcSecurity=ssf="{{ ldap_server_config.ssf }}" olcLocalSSF="{{ ldap_server_config.ssf }}"

- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  with_items: ldap_permissions

- name: Create LDAP entries
  ldap_entry: ""
  args: "{{ item }}"
  with_items: ldap_entries
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.