Files @ a52f9fdabd0f
Branch filter:

Location: majic-ansible-roles/roles/ldap_server/defaults/main.yml

a52f9fdabd0f 1.2 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-132: Added support for Debian 9 (Stretch) to web_server role:

- Introduced internal parameters for controlling differing package
names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the
client machine.
- Restructured slightly preparaiton playbook to support both Jessie
and Stretch.
- Added custom pytest fixture for having a better way to determine
expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of
mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the
connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
---

enable_backup: false
ldap_entries: []
ldap_server_domain: "{{ ansible_domain }}"
# Internal value, base DN.
ldap_server_int_basedn: "{{ ldap_server_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
ldap_server_organization: "Private"
ldap_server_log_level: 256
ldap_server_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_ldap.pem') }}"
ldap_server_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_ldap.key') }}"
ldap_server_ssf: 128
ldap_server_consumers: []
ldap_server_groups: []
ldap_permissions:
  - >
    to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn="cn=admin,{{ ldap_server_int_basedn }}" manage
    by * break
  - >
    to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * none
  - >
    to dn.base=""
    by * read
  - >
    to *
    by self write
    by dn="cn=admin,{{ ldap_server_int_basedn }}" write
    by users read
    by * none

ldap_tls_ciphers: "NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA256:+SIGN-RSA-SHA384:\
+SIGN-RSA-SHA512:+DHE-RSA:+ECDHE-RSA:+SHA256:+SHA384:+AEAD:+AES-128-GCM:+AES-128-CBC:+AES-256-GCM:+AES-256-CBC:+CURVE-ALL"
This site is powered by Kallithea 0.7.0, which is © 2010–2024 by various authors & licensed under GPLv3.