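---
# Tasks that install and configure an OpenLDAP server (slapd) on a
# Debian-family host. Settings are read from `ldap_server_config`
# (domain, organization, log_level, tls_key, tls_certificate, ssf) and
# from the `ldap_permissions` and `ldap_entries` lists.
#
# NOTE(review): `ldap_entry` and `ldap_permissions` are not Ansible core
# modules; they are presumably shipped in the role's library/ directory.
# Their `state` values (`replaceattributes`, `addattributes`) are kept as
# the original used them.

- name: Set domain for slapd
  debconf:
    name: slapd
    question: slapd/domain
    vtype: string
    value: "{{ ldap_server_config.domain }}"

- name: Set organisation for slapd
  debconf:
    name: slapd
    question: slapd/organization
    vtype: string
    value: "{{ ldap_server_config.organization }}"

# `state: present` is the non-deprecated spelling of `installed`.
- name: Install slapd
  apt:
    name: slapd
    state: present

- name: Install Python LDAP bindings
  apt:
    name: python-ldap
    state: present

- name: Enable slapd service
  service:
    name: slapd
    enabled: true
    state: started

# File mode is quoted so the leading zero is not read as octal-to-decimal
# by the YAML parser.
- name: Deploy system logger configuration file for slapd
  copy:
    src: slapd_rsyslog.conf
    dest: /etc/rsyslog.d/slapd.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart rsyslog

- name: Deploy configuration file for log rotation of slapd logs
  copy:
    src: slapd_logrotate
    dest: /etc/logrotate.d/slapd
    owner: root
    group: root
    mode: "0644"

- name: Change log level for slapd
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcLogLevel: "{{ ldap_server_config.log_level }}"

- name: Check if TLS private key is available
  stat:
    path: "{{ ldap_server_config.tls_key }}"
  register: tls_key

# Fix: this check previously stat'ed `tls_key` a second time, so a missing
# certificate was never detected and the TLS task below could point slapd
# at a file that does not exist.
- name: Check if TLS certificate is available
  stat:
    path: "{{ ldap_server_config.tls_certificate }}"
  register: tls_certificate

# When either file is absent this task is skipped silently and slapd keeps
# running without TLS; the SSF task below still applies. Whether that
# combination locks clients out depends on the configured ssf value —
# confirm against the deployment's expectations.
- name: Configure TLS for slapd
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcTLSCertificateFile: "{{ ldap_server_config.tls_certificate }}"
    olcTLSCertificateKeyFile: "{{ ldap_server_config.tls_key }}"
  when: tls_key.stat.exists and tls_certificate.stat.exists
  notify:
    - Restart slapd

# NOTE(review): the original key=value form was `olcSecurity=ssf="{{ ... }}"`;
# the evident intent is the attribute value `ssf=N`, which is what is
# written here. Verify the stored value on a host after the first run.
- name: Configure SSF
  ldap_entry:
    dn: cn=config
    state: replaceattributes
    olcSecurity: "ssf={{ ldap_server_config.ssf }}"
    olcLocalSSF: "{{ ldap_server_config.ssf }}"

- name: Enable the memberof module
  ldap_entry:
    dn: "cn=module{0},cn=config"
    state: addattributes
    olcModuleLoad: "{1}memberof"

- name: Enable the memberof overlay for database
  ldap_entry:
    dn: "olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config"
    objectClass:
      - olcConfig
      - olcMemberOf
      - olcOverlayConfig
    olcOverlay: memberof

# Loop variables are templated explicitly; bare variable names in
# `with_items` are deprecated.
- name: Apply database permissions
  ldap_permissions:
    filter: "{{ item.filter }}"
    rules: "{{ item.rules }}"
  with_items: "{{ ldap_permissions }}"

# Each item is a complete argument mapping for `ldap_entry`, passed through
# `args` as the original did.
- name: Create LDAP entries
  ldap_entry: ""
  args: "{{ item }}"
  with_items: "{{ ldap_entries }}"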