branko
MAR-9: Created small utility playbook in testsite for generating the necessary TLS keys and certificates. Updated testsite configuration to be slightly different (no need for separate chain file I think).
---

# Local (system) mail aliases for the LDAP host. The value for root lists root
# itself plus john.doe@<testsite_domain>.
# NOTE(review): the value is a single space-separated string; how the consuming
# role turns it into an aliases(5) entry (and whether the "root" member keeps a
# local copy rather than looping) is not visible here - verify against the role.
local_mail_aliases:
  root: "root john.doe@{{ testsite_domain }}"

# Outbound mail from this host goes through the test site's mail server.
# The truststore is the CA bundle used to verify the relay's TLS certificate;
# it is the same file the LDAP client config below uses as TLS_CACERT, so the
# testsite CA must have signed the mail server's certificate as well.
smtp_relay_host: mail.{{ testsite_domain }}
smtp_relay_truststore: /etc/ssl/certs/ca.pem

# Options for the system-wide LDAP client configuration (ldap.conf), one
# item per option; "comment" is emitted next to the option by the role.
ldap_client_config:
  # Default search base for client tools.
  - comment: Set the base DN
    option: BASE
    value: "{{ testsite_ldap_base }}"
  # ldapi:/// is the local UNIX-domain socket. Binds over it can use SASL
  # EXTERNAL with peer credentials, which is what the first access rule in
  # ldap_permissions (gidNumber=0+uidNumber=0,cn=peercred,...) grants manage to.
  - comment: Set the default URI
    option: URI
    value: ldapi:///
  # Default bind DN for simple binds. No password is configured here; clients
  # must supply it themselves (e.g. ldapsearch -W).
  - comment: Set the default bind DN
    option: BINDDN
    value: cn=admin,{{ testsite_ldap_base }}
  # CA bundle used to verify the server certificate whenever a client talks
  # to slapd over TLS (ldaps:// or STARTTLS) instead of the local socket.
  - comment: Set the LDAP TLS truststore
    option: TLS_CACERT
    value: /etc/ssl/certs/ca.pem

# Settings for the OpenLDAP server (slapd) on this host.
ldap_server_config:
  domain: "{{ testsite_domain }}"
  organization: "Example Inc."
  # 256 = "stats" in slapd.conf(5): log connections, operations and results.
  log_level: 256
  # Server certificate and private key, resolved on the controller relative to
  # the inventory directory (the tls/ directory produced by the testsite
  # key-generation playbook).
  # NOTE(review): this keeps the private key inside the repository tree.
  # Acceptable for the throw-away test site only; a real deployment should
  # source the key from ansible-vault or an external secret store.
  tls_certificate: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.pem"
  tls_key: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.key"
  # Minimum security strength factor for operations. 128 rejects plain
  # ldap:// without STARTTLS; TLS with >= 128-bit ciphers satisfies it.
  # NOTE(review): connections over ldapi:/// only pass this check if the role
  # also sets a local SSF (olcLocalSSF) of at least 128 - confirm in the role.
  ssf: 128

# Access rules (olcAccess) for the database selected by the olcSuffix filter.
# slapd evaluates "to" clauses in order and stops at the first one that
# matches the target unless a matching "by" clause says "break", so the order
# of the rules below is significant.
ldap_permissions:
  - filter: '(olcSuffix={{ testsite_ldap_base }})'
    rules:
      # Full (manage) access for the local root user authenticating via SASL
      # EXTERNAL over ldapi:///, and for the admin DN. Every other identity
      # falls through ("break") to the rules below. Since admin already gets
      # manage here, the "by dn=admin write" clause in the last rule is
      # effectively redundant.
      - >
        to *
        by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
        by dn="cn=admin,{{ testsite_ldap_base }}" manage
        by * break
      # Password attributes: the entry itself may change them, anonymous may
      # only use them to authenticate (bind), and nobody else - including the
      # service accounts, which only get "users read" below - can read them.
      - >
        to attrs=userPassword,shadowLastChange
        by self write
        by anonymous auth
        by * none
      # Root DSE is readable by everyone so clients can discover the server.
      - >
        to dn.base=""
        by * read
      # Everything else: an entry may modify itself, any authenticated bind
      # (people and service accounts alike) may read, anonymous gets nothing.
      # NOTE(review): "by self write" on "to *" lets a user rewrite any of its
      # own attributes (mail, objectClass, ...), not only the password. If mail
      # routing or group membership is derived from those attributes, consider
      # narrowing this to an explicit attrs= list.
      - >
        to *
        by self write
        by dn="cn=admin,{{ testsite_ldap_base }}" write
        by users read
        by * none

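# Entries to create in the directory, in order. Parents must precede their
# children and the misc schema must be loaded before any entry uses the
# object classes it defines (nisMailAlias below).
# Fix: the ou=domains,ou=mail,ou=services container was listed twice; the
# duplicate has been removed (a second add of an existing DN is at best a
# no-op and at worst an "already exists" failure, depending on the module).
ldap_entries:
  # Subset of OpenLDAP's misc.schema providing the mail-routing attributes.
  # NOTE(review): the {4} index assumes exactly four schema entries
  # ({0}..{3}) are already loaded; adjust if the role ships a different set.
  - dn: "cn={4}misc,cn=schema,cn=config"
    objectClass: olcSchemaConfig
    cn: "{4}misc"
    olcAttributeTypes:
      - "{0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )"
      - "{1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DESC 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )"
      - "{3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
    olcObjectClasses:
      - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
      - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"

  # Top-level containers: people (user accounts), groups, and services
  # (accounts used by daemons plus the mail-routing data).
  - dn: ou=people,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: people
  - dn: ou=groups,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: groups
  - dn: ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: services

  # Test users.
  # NOTE(review): userPassword values below are plain-text, guessable test
  # credentials committed to the repository. That is acceptable for this
  # throw-away test site only; real inventories must keep them in
  # ansible-vault and should store hashed values (e.g. {SSHA}...) instead.
  - dn: uid=johndoe,ou=people,{{ testsite_ldap_base }}
    objectClass:
      - inetOrgPerson
    uid: johndoe
    cn: John Doe
    sn: Doe
    userPassword: johndoe
    mail: john.doe@{{ testsite_domain }}
  - dn: uid=janedoe,ou=people,{{ testsite_ldap_base }}
    objectClass:
      - inetOrgPerson
    uid: janedoe
    cn: Jane Doe
    sn: Doe
    userPassword: janedoe
    mail: jane.doe@{{ testsite_domain }}

  # Service account used by the XMPP server to bind to the directory, and the
  # group of users allowed to use the XMPP service. Same test-credential
  # caveat as above applies to every service account's userPassword.
  - dn: cn=xmpp,ou=services,{{ testsite_ldap_base }}
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: xmpp
    userPassword: xmpp
  - dn: cn=xmpp,ou=groups,{{ testsite_ldap_base }}
    objectClass: groupOfUniqueNames
    cn: xmpp
    uniqueMember:
      - uid=johndoe,ou=people,{{ testsite_ldap_base }}
      - uid=janedoe,ou=people,{{ testsite_ldap_base }}

  # Service accounts for the MTA (postfix) and the IMAP server (dovecot), and
  # the group of users who get mail service.
  - dn: cn=postfix,ou=services,{{ testsite_ldap_base }}
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: postfix
    userPassword: postfix
  - dn: cn=dovecot,ou=services,{{ testsite_ldap_base }}
    objectClass:
      - applicationProcess
      - simpleSecurityObject
    cn: dovecot
    userPassword: dovecot
  - dn: cn=mail,ou=groups,{{ testsite_ldap_base }}
    objectClass: groupOfUniqueNames
    cn: mail
    uniqueMember:
      - uid=johndoe,ou=people,{{ testsite_ldap_base }}
      - uid=janedoe,ou=people,{{ testsite_ldap_base }}

  # Mail-routing tree: ou=mail holds the served domains and the aliases.
  - dn: ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: mail
  - dn: ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: domains
  - dn: ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: organizationalUnit
    ou: aliases

  # Domains this mail system accepts mail for (primary and alternative).
  - dn: dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: dNSDomain
    dc: "{{ testsite_domain }}"
  - dn: dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: dNSDomain
    dc: "{{ testsite_domain_alternative }}"

  # Mail aliases (nisMailAlias from the misc schema above). postmaster@ is
  # required for a compliant mail domain and is routed to John Doe here.
  - dn: cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}
    objectClass: nisMailAlias
    cn: postmaster@{{ testsite_domain }}
    rfc822MailMember: john.doe@{{ testsite_domain }}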